General

  • Target

    Orbit.exe

  • Size

    6.1MB

  • Sample

    241003-x4pndswcpc

  • MD5

    c5a284f86ab09705d740e078dd2234fa

  • SHA1

    a687b49998e60b6f1007c1efb439f43a76751c0d

  • SHA256

    c518dd0c733979d19342438ebdcbb2b4048db263f7bcf109dded1ae040d1e8dd

  • SHA512

    f45d47c679ff37e0eb323ade59ff5537668f2f1481af490d0ff05679705ea238f2cdbd2f22b8262eb815e78ed1c2766dadae2a7f2beaf77b1700c8c8787e168a

  • SSDEEP

    98304:SCkUQdmsBO5sw/utgKOK7bev58rxc3rsUwyIO3ZCpbyCzPw:wZmAIWtrPa8r63rsNyIIZC1yIY

Score
7/10

Targets

    • Target

      Orbit.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger
