Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f39d2fd8ade05fe148543b7f0ef29d50cc07e63f16ec68ebcbda78d254585102
-
Size
915KB
-
MD5
19fa8a03adf350cd95bf2b1fc2573cda
-
SHA1
eea30cdea85c3b4afc41ab4801920adc505b60a0
-
SHA256
f39d2fd8ade05fe148543b7f0ef29d50cc07e63f16ec68ebcbda78d254585102
-
SHA512
72316d36d0617b5607e4b04e29378262ad181d15541196745f1a6bbafff0cb0bd24c44249258ff9da0d3bea144e597fb876d0ba9a09147ebfa0dddfe6add296f
-
SSDEEP
24576:YGq4MROxnFi37scrrcI0AilFEvxHPLoo9:YuMiogcrrcI0AilFEvxHP
Malware Config
Extracted
orcus
skr
192.168.100.6:11111
b3aa60325c6047f096cc62b26c15372c
-
autostart_method
TaskScheduler
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
NvNodeLauncher_{B2F71952-0186-46C3-BAEC-A80AA35AC5B8}
-
taskscheduler_taskname
NvNodeLauncher_{B8FV1952-S1Y6-46D3-B8EC-A8VAA355C5B8}
-
watchdog_path
Temp\bcastdvr.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
f39d2fd8ade05fe148543b7f0ef29d50cc07e63f16ec68ebcbda78d254585102
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections