
User tags (assigned on submission by the user, not by sandbox detections)

  • Threatview.io Proactive Hunter

General

  • Target: @O45_204_82_103_XREMCC.exe.1
  • Size: 1.5MB
  • Sample: 240109-hz7k3sheej
  • MD5: 50699f8a9828ae6d19e481e906391e1f
  • SHA1: 432f9e66bbbb1a8be51e3ab8a3e903aa8a96db39
  • SHA256: 04aad94a951c080383f2ad712f0f27bad46327c039960c1573cf02af1974d2d3
  • SHA512: 6b70e9f155ecc9d11b2f6ab4d71c5f9102518c32148393362838e19d5468365b7203c06d60ecb20a126b051e952b439180b4b057f2bc4cb725128d2637b168ff
  • SSDEEP: 24576:VpCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKmFb:VpCPHKEm0mwCgFrfh7UyjnhakMzKs

Malware Config (extracted)

  • Family: orcus
  • C2: 45.204.82.103:6606
  • Mutex: c137f83daf6641cd8f12b4695c8f209e

Attributes

  • autostart_method: Disable
  • enable_keylogger: false
  • install_path: %programfiles%\Orcus\Orcus.exe
  • reconnect_delay: 10000
  • registry_keyname: Orcus
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Targets

  • Target: @O45_204_82_103_XREMCC.exe.1 (1.5MB; hashes as listed under General)

  Signatures

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable
