General
-
Target
29f397839dcd23153c3e22d58cc729f9.bin
-
Size
36.0MB
-
Sample
240220-br5yysgf4v
-
MD5
29f397839dcd23153c3e22d58cc729f9
-
SHA1
cc283d2b1069b4ab6c4eb6f9a6f14dff0b96c0a6
-
SHA256
75ce91d4f361227c1275a326653533c5eaa494b87dd96c529b03d0a3a6ff9ae2
-
SHA512
d612b62e72d952ff20cb355144d868bb8db03529084c4b58fecd17c1ccdc76b690c8280631d33582e022ac0776e55fd0075b74ef608a0f261c4ce007dcfd09c3
-
SSDEEP
786432:jCRbCv+asKwdLVz50cdg1uzwoQMbxmllvg9LPuuOy01+qBA:jCg+asKwdNGcdMuzwoQMIviWuOT1fBA
Behavioral task
behavioral1
Sample
ORIONX-FUD-CRYPTER-main/ORIONX FUD CRYPTER.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
ORIONX-FUD-CRYPTER-main/ORIONX FUD CRYPTER.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
ORIONX-FUD-CRYPTER-main/main/sys/ApplicationFrameHost.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
ORIONX-FUD-CRYPTER-main/main/sys/ApplicationFrameHost.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
ORIONX-FUD-CRYPTER-main/main/sys/VCRUNTIME140.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
ORIONX-FUD-CRYPTER-main/main/sys/VCRUNTIME140.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_bz2.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_bz2.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_decimal.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_decimal.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_hashlib.dll
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_hashlib.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_lzma.dll
Resource
win7-20240215-en
Behavioral task
behavioral14
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_lzma.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_ssl.dll
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_ssl.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_tkinter.dll
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
ORIONX-FUD-CRYPTER-main/main/sys/_tkinter.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
ORIONX-FUD-CRYPTER-main/main/sys/libcrypto-1_1.dll
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
ORIONX-FUD-CRYPTER-main/main/sys/libcrypto-1_1.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
ORIONX-FUD-CRYPTER-main/main/sys/libssl-1_1.dll
Resource
win7-20231129-en
Behavioral task
behavioral22
Sample
ORIONX-FUD-CRYPTER-main/main/sys/libssl-1_1.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
ORIONX-FUD-CRYPTER-main/main/sys/python311.dll
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
ORIONX-FUD-CRYPTER-main/main/sys/python311.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
ORIONX-FUD-CRYPTER-main/main/sys/select.dll
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
ORIONX-FUD-CRYPTER-main/main/sys/select.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral27
Sample
ORIONX-FUD-CRYPTER-main/main/sys/sys_stub.exe
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
ORIONX-FUD-CRYPTER-main/main/sys/sys_stub.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral29
Sample
ORIONX-FUD-CRYPTER-main/main/sys/tcl/auto.vbs
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
ORIONX-FUD-CRYPTER-main/main/sys/tcl/auto.vbs
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
ORIONX-FUD-CRYPTER-main/main/sys/tcl/clock.vbs
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
ORIONX-FUD-CRYPTER-main/main/sys/tcl/clock.vbs
Resource
win10v2004-20231222-en
Malware Config
Targets
Target
ORIONX-FUD-CRYPTER-main/ORIONX FUD CRYPTER.exe
-
Size
9.6MB
-
MD5
af452c108fee8530119d2534722238dd
-
SHA1
3d40eb00f9a455f5550a1b3ddd60c8dd09b13244
-
SHA256
a1539f9996c040b18c34983d48b80a3592f00c93ab5a279bf015999cf1796e1b
-
SHA512
fb12422ab74300c6874689659136da2655f02f2200a9de92d343e79ce1dd43f6d9277544d73d21066696fedb3be6b0407264979fefc75763f2d279a2655b486e
-
SSDEEP
196608:hFCY0yk+DfyGZ21X5Sp6GemDMPwSaw2cgWg1bMe0W8/LaNrruuWC:TCY0yxDfD0pfaMPXaw2a5W80ui
Score 7/10
Loads dropped DLL
Target
ORIONX-FUD-CRYPTER-main/main/sys/ApplicationFrameHost.exe
-
Size
9.2MB
-
MD5
7afc93b5b406fdb0cb1c98cab41c3e95
-
SHA1
ae17207e9542196f204adeb5e2b96349d0da167e
-
SHA256
39e8ce10a0fde4c94d9f939a51f7322676cd67fade457609a7f1dc27738a7c4c
-
SHA512
92c8e42b588ac9dc23a4aaaeab23336fde45b57e725c78725ec0414ca9eadb3a0093c2ad0e09614fabca4875ba43d3bc4a79d0eb96e321c2ad4641894237c790
-
SSDEEP
196608:neXeYDNJZVPpflOjmFju74M6P9Bq1bMgc3nruWGml1J9P:eXpnVPiKUMMIBbpruQJ9
Score 7/10
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Target
ORIONX-FUD-CRYPTER-main/main/sys/VCRUNTIME140.dll
-
Size
106KB
-
MD5
4585a96cc4eef6aafd5e27ea09147dc6
-
SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb
-
SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
-
SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286
-
SSDEEP
1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/_bz2.pyd
-
Size
82KB
-
MD5
a62207fc33140de460444e191ae19b74
-
SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74
-
SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2
-
SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7
-
SSDEEP
1536:MidQz7pZ3catNZTRGE51LOBK5btb8ksfYqZImCVK7SysPxJ:MEQz9Z5VOwtIksAqZImCVKGxJ
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/_decimal.pyd
-
Size
247KB
-
MD5
692c751a1782cc4b54c203546f238b73
-
SHA1
a103017afb7badaece8fee2721c9a9c924afd989
-
SHA256
c70f05f6bc564fe400527b30c29461e9642fb973f66eec719d282d3d0b402f93
-
SHA512
1b1ad0ca648bd50ce6e6af4be78ad818487aa336318b272417a2e955ead546c9e0864b515150cd48751a03ca8c62f9ec91306cda41baea52452e3fcc24d57d39
-
SSDEEP
6144:kH26+xqWUSYJqg2Jda6Rc7nxSelwgozq6t3Vs9qWM53pLW1AGgVMtEIbjf:aWUSYJqge47n8elwHjtl0EIjf
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/_hashlib.pyd
-
Size
63KB
-
MD5
787b82d4466f393366657b8f1bc5f1a9
-
SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b
-
SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37
-
SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6
-
SSDEEP
1536:aG8njpnxGkYNEusZE/0Cw6cG1xImOI8K7Sy7Px:a7njpnxBZyw6t1xImOI8K1x
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/_lzma.pyd
-
Size
155KB
-
MD5
0c7ea68ca88c07ae6b0a725497067891
-
SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74
-
SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11
-
SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9
-
SSDEEP
3072:5lirS97HrdVmEkGCm5hvznf49mNo2GOvJ02ZImZ1tUtx:5lirG0EkTQAYO2GQ3
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/_ssl.pyd
-
Size
157KB
-
MD5
ab0e4fbffb6977d0196c7d50bc76cf2d
-
SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714
-
SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70
-
SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba
-
SSDEEP
3072:iMxkIQQ8JHl+HPXeLeDgcuM8BYZxn8xfCA+nbUtgGoo4AyclUZImC7cbnx:iMxH8JFSGLAuMdnx1UZUf
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/_tkinter.pyd
-
Size
62KB
-
MD5
6352db60d88705ce62b5665764529006
-
SHA1
e7a22fd590661e91dfe5cace1adff17d7a3de5ec
-
SHA256
4536d9092a366426aa01e1800d9d4de669928bbcb277f2363d54df44da096c31
-
SHA512
78b19668c82aef75dcdf98fd0b90677f3530cb7e80dc7cfec5640637fecb3e5d4fb38c21051fc305133882d26c6f8ecb03825227a3d66c5045b968bdc624bd2c
-
SSDEEP
768:w9v6FLQ04EgxQ1NX7TXBsd1T81LGAmUyP4QNxkoxImOSq5YiSyvCPxWE9:CyFLX9B7881Cj/wQNpxImOSo7SyqPx
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/libcrypto-1_1.dll
-
Size
3.3MB
-
MD5
9d7a0c99256c50afd5b0560ba2548930
-
SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824
-
SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939
-
SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2
-
SSDEEP
98304:YP+uemAdn67xfxw6rKsK1CPwDv3uFfJz1CmiX:OZemAYxfxw6HK1CPwDv3uFfJzUmA
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/libssl-1_1.dll
-
Size
688KB
-
MD5
bec0f86f9da765e2a02c9237259a7898
-
SHA1
3caa604c3fff88e71f489977e4293a488fb5671c
-
SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd
-
SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4
-
SSDEEP
12288:WhO7/rNKmrouK/POt6h+7ToRLgo479dQwwLOpWW/dQ0TGqwfU2lvz2:2is/POtrzbLp5dQ0TGqcU2lvz2
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/python311.dll
-
Size
5.5MB
-
MD5
e2bd5ae53427f193b42d64b8e9bf1943
-
SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f
-
SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400
-
SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036
-
SSDEEP
98304:AtcGVQE2EKmLX3N1fn/q+VHzMzDPFE+syIqPzlJ0:AtcGVQE2XmLX3ffGzJENyIqH0
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/select.pyd
-
Size
29KB
-
MD5
756c95d4d9b7820b00a3099faf3f4f51
-
SHA1
893954a45c75fb45fe8048a804990ca33f7c072d
-
SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a
-
SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398
-
SSDEEP
768:ReUeJVHqbbDNImQGN5YiSyvaAPxWE9Uux:ReUeJVKbbDNImQGT7SyFPxBx
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/sys_stub.exe
-
Size
9.2MB
-
MD5
baf91b62e39494eb5dda874c012f0eca
-
SHA1
448ff0d21779062731cf526b225406cf7dd79644
-
SHA256
ac84ecde5cffebbc5b7a8b9f0b47db08dcca9168580af0c888a226ea22c034c7
-
SHA512
9b5f5dd43e4e09bdef986a7cf6f6db4e36c3d117baedcd7aea164c28bd714cff5f8b2f8da064c4b8b85b5c75b92fb22655959ba3195a7435ceccf3d0a62da14c
-
SSDEEP
196608:03+4Wtj951vpflODmFjubYM6P9hKVbsgcZnrO2GmFVJdvV:03aj71viqUMMIh7PrOwJdN
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/tcl/auto.tcl
-
Size
20KB
-
MD5
02caa5526fa91319315788b38387a5e5
-
SHA1
56d7bd91740759a54d0ae724fd806a124b67ca98
-
SHA256
2a176e7467c15f12198662db68b9deda0726f4f744166c85060b894ce676d055
-
SHA512
aafb4ee6c71b0d75ad41e9bc57d9d297883ae41a994029e5e692c7b1360dd8136e13fbc3f509b4c46659c1d0302ac1a19aa5391610f347c9e2feb7cf6935d398
-
SSDEEP
384:vy8cBWaytAZXTP9nYP9Qq5HU3mT5uhUXBEWoYqpR+7pBtYSbJ0QDVlM:dcBWaytAJTPBYPy13mT5uubqpR+7pYSm
Score 1/10
Target
ORIONX-FUD-CRYPTER-main/main/sys/tcl/clock.tcl
-
Size
125KB
-
MD5
f6190e0ddea9aba901eef220cdaedad9
-
SHA1
0e0c8d0bc7d472bf03226805f211fd7acc0a4593
-
SHA256
7f27d400b088a0e72adeb48d17059892e95f08a2a03970bd74cdfb35b106618b
-
SHA512
cadb90ab401966b5b9f6b8087657f227f28a8eae6dddb8b081500e1ac02d9ca8e74c73c8c4205172eb68fb0d5754d8af699cfbfe985b2c37e642ae12b7a32e93
-
SSDEEP
3072:7klVEuSDFeEzGtdaui+urVke5i1IsQ5SvtTImhrYnPrzAvtt2eyw7KBH/SOyQasa:BDFeEzMaui+urVke5i1R6SvtTImhrYPG
Score 1/10