Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

acbe32afbd...21.exe

windows7-x64

10

acbe32afbd...21.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acbe32afbdf67ae6aa81e19f4cba285da5fec8b24163a369048a041729159521

  • Size

    921KB

  • MD5

    ffb0b2a6d13a400e4e05908cfe0e677b

  • SHA1

    e27ecf8d074beb524219b6d9e563fc5f76cd0546

  • SHA256

    acbe32afbdf67ae6aa81e19f4cba285da5fec8b24163a369048a041729159521

  • SHA512

    5ade0726c36bea2b02c9e9533bc166be4f3794bd78a15a814eb5be418794880c22987f434fcd51967f1c33c3550b671f257b9583121c6ef0c5f0231ccee897f3

  • SSDEEP

    24576:ZCW4MROxnF43olqrrcI0AilFEvxHjiQ8:ZCVMiGrrrcI0AilFEvxHj

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

85.159.230.132:10134

Mutex

0a90560fd1de4ef0859fc02bececce78

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\svhost\svhost.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\svhost.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • acbe32afbdf67ae6aa81e19f4cba285da5fec8b24163a369048a041729159521
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections