Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

ed795fc70e...59.exe

windows7-x64

10

ed795fc70e...59.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed795fc70ee5ad17c07d508bd246dbd06f1b7b31b658de430ad624349e9d8059

  • Size

    1.1MB

  • Sample

    240424-bh8ngsde35

  • MD5

    1f9764861e8d9f9abf023df85266ffbf

  • SHA1

    b0c4fe71402fbdbf6766764c1bcbf90690b492f5

  • SHA256

    ed795fc70ee5ad17c07d508bd246dbd06f1b7b31b658de430ad624349e9d8059

  • SHA512

    3cab62821c840c55d5f3649695906d62aad10f7cc697c071916e6da01316d72910be2187ced73306b7adacaaa70362317d98657e3b8083d01c1c37e05cace7f6

  • SSDEEP

    24576:CDN4MROxnFi3csSrrcI0AilFEvxHPpooPF:CuMioRSrrcI0AilFEvxHP3

Score
10/10
orcus}{ertvapersistenceratspywarestealer

Malware Config

Extracted

Family

orcus

Botnet

}{ERTVA

C2

0.0.0.0:1268

Mutex

d09e3406273e4b918a3fae435fcb264c

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Wincorgs.exe

  • reconnect_delay

    10000

  • registry_keyname

    Wineyes

  • taskscheduler_taskname

    wineyes

  • watchdog_path

    AppData\Eyesmgr.exe

Targets

    • Target

      ed795fc70ee5ad17c07d508bd246dbd06f1b7b31b658de430ad624349e9d8059

    • Size

      1.1MB

    • MD5

      1f9764861e8d9f9abf023df85266ffbf

    • SHA1

      b0c4fe71402fbdbf6766764c1bcbf90690b492f5

    • SHA256

      ed795fc70ee5ad17c07d508bd246dbd06f1b7b31b658de430ad624349e9d8059

    • SHA512

      3cab62821c840c55d5f3649695906d62aad10f7cc697c071916e6da01316d72910be2187ced73306b7adacaaa70362317d98657e3b8083d01c1c37e05cace7f6

    • SSDEEP

      24576:CDN4MROxnFi3csSrrcI0AilFEvxHPpooPF:CuMioRSrrcI0AilFEvxHP3

    Score
    10/10
    orcus}{ertvapersistenceratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcus main payload

    • Orcurs Rat Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.