Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

467128cff3...18.exe

windows7-x64

10

467128cff3...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    467128cff34d0311c71360b284cf0486_JaffaCakes118

  • Size

    906KB

  • MD5

    467128cff34d0311c71360b284cf0486

  • SHA1

    50b04b134ddcc8303b12f7b419e663c33c5db7d2

  • SHA256

    47dc5ab7882d6560174747144f9ef09c0b66c2a2e94d56337a0a30acbee34118

  • SHA512

    28c69f129a0aed63f24beeec216828ba0d2c13939d25d52d605ffae9ec427bb39a765bc4bf2ed8fa15535ad9d730cd9ea6e53e0a28b90eb62991fbb3930235d3

  • SSDEEP

    12288:3y50ed4UM7571j87dG1lFlWcYT70pxnnaaoawljKgRRAGrZNrI0AilFEvxHvBMPa:rp44MROxnFhgH5rZlI0AilFEvxHiPzO

Score
10/10
group aorcus

Malware Config

Extracted

Family

orcus

Botnet

Group A

C2

kisliycorporait.hopto.org:10134

Mutex

31e1a251228e41c2a660a8dae6e53a62

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\Local\windll.exe

  • reconnect_delay

    10000

  • registry_keyname

    Windows Securty Advice

  • taskscheduler_taskname

    Deintrep

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 467128cff34d0311c71360b284cf0486_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections