Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2f320b3ef91258433bf232bd26f5dcb9c6f70394d60680f65744a990d431c7ef
-
Size
3.0MB
-
MD5
b3a7960d97578ab1eb2ae60ed0c3df2e
-
SHA1
8df3e142f4e83bfed04bc8059106f0ffa3bcd6ed
-
SHA256
2f320b3ef91258433bf232bd26f5dcb9c6f70394d60680f65744a990d431c7ef
-
SHA512
d429ad5165126a795d5f939198c23f048b69bda802bdb707100c49b637cd52d992027bc05186ecf269201f5a14c6d95721c0bb04f4fe2d47268e6bc749762f47
-
SSDEEP
49152:O3X27p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpEu/nRFfjI7L0qb:OWHTPJg8z1mKnypSbRxo9JCm
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
Новый тег
C2
31.44.184.52:10903
Mutex
sudo_o3qjvpplzk2x15estch86hef4j7hfbki
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%appdata%\dataliferequestprocessor\generatortrack.exe
-
reconnect_delay
10000
-
registry_keyname
Sudik
-
taskscheduler_taskname
sudik
-
watchdog_path
AppData\aga.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
2f320b3ef91258433bf232bd26f5dcb9c6f70394d60680f65744a990d431c7ef
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections