General

  • Target

    f4e3324558882e59446e62af6f8a611877f55c6b8962b78b5176ced937c3b389

  • Size

    3.0MB

  • Sample

    250202-beldsazpdp

  • MD5

    a72937e406903b850e6495cc075f0cf0

  • SHA1

    5ac424513587e81a8be986e14ca1a93ec2b3a6cf

  • SHA256

    f4e3324558882e59446e62af6f8a611877f55c6b8962b78b5176ced937c3b389

  • SHA512

    293bddb47da6921d5fec10323910e9b999e8fc884b5a94da96c4e4ed33b03488808aed7e40f2e785c7b69d8c655a431deda4639834cb665b2b26e6fc67b213db

  • SSDEEP

    49152:Cs7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpau/nRFfjI7L0qb:CsHTPJg8z1mKnypSbRxo9JCm

Malware Config

Extracted

Family

orcus

Botnet

w456252343

C2

31.44.184.52:16749

Mutex

sudo_2xhilo3bzouvzhps1gga0z7y4e5j8gif

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\linux_\datalifeasync.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

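The extracted configuration above is enough to hunt for this sample on endpoints and in network telemetry. The following Python is an added example, not code from the tria.ge report or from the Orcus authors: it turns the config values into host and network checks and runs them over a constructed, simplified event schema (kind/image/target/task/dst_ip/dst_port/ts is assumed here, not Sysmon's own field naming). Two caveats a practitioner should carry over: autostart_method is Disable in this config, so the Run key value "Sudik" and the scheduled task "sudik" may never be written and their absence does not clear a host; and the mutex can only be checked by enumerating live handles, which a log-based hunt cannot do.

```python
"""Added example: hunt Sysmon-style telemetry for the Orcus config extracted above.

Config values are copied from the report.  The event records, their field
names and the sample telemetry are constructed for this example.
"""
import re
from statistics import median

ORCUS_CONFIG = {  # values from the "Malware Config" section of the report
    "c2": "31.44.184.52:16749",
    "mutex": "sudo_2xhilo3bzouvzhps1gga0z7y4e5j8gif",
    "install_path": r"%appdata%\linux_\datalifeasync.exe",
    "registry_keyname": "Sudik",
    "taskscheduler_taskname": "sudik",
    "watchdog_path": r"AppData\aga.exe",
    "reconnect_delay_ms": 10000,
}

PROFILE = r"^[a-z]:\\users\\[^\\]+"  # any local user profile root (assumed layout)


def path_pattern(config_path: str) -> re.Pattern:
    """Compile an Orcus config path into a case-insensitive regex that matches
    under any user profile.  %appdata% expands to <profile>\\AppData\\Roaming;
    a bare relative path such as 'AppData\\aga.exe' is anchored at the profile
    root, which is how the watchdog_path value resolves."""
    if config_path.lower().startswith("%appdata%"):
        tail = config_path[len("%appdata%"):]
        return re.compile(PROFILE + r"\\appdata\\roaming" + re.escape(tail) + "$", re.I)
    if config_path.lower().startswith("appdata\\"):
        return re.compile(PROFILE + r"\\" + re.escape(config_path) + "$", re.I)
    return re.compile("^" + re.escape(config_path) + "$", re.I)


def hunt(events, cfg=ORCUS_CONFIG):
    """Return (rule, event_index) pairs for events matching the extracted IoCs."""
    install_re = path_pattern(cfg["install_path"])
    watchdog_re = path_pattern(cfg["watchdog_path"])
    c2_ip, c2_port = cfg["c2"].rsplit(":", 1)
    # Run-key value name under any hive or SID; Orcus calls it registry_keyname.
    run_re = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\"
                        + re.escape(cfg["registry_keyname"]) + "$", re.I)
    hits = []
    for i, ev in enumerate(events):
        k = ev["kind"]
        if k == "process_create":
            if install_re.match(ev["image"]):
                hits.append(("orcus_install_path", i))
            if watchdog_re.match(ev["image"]):
                hits.append(("orcus_watchdog_path", i))
        elif k == "registry_set" and run_re.search(ev["target"]):
            hits.append(("orcus_run_key", i))
        elif k == "task_create" and ev["task"].strip("\\").lower() == cfg["taskscheduler_taskname"].lower():
            hits.append(("orcus_scheduled_task", i))
        elif k == "net_connect" and ev["dst_ip"] == c2_ip:
            # Flag the IP on any port too: the same host may serve other ports.
            hits.append(("orcus_c2" if int(ev["dst_port"]) == int(c2_port) else "orcus_c2_ip", i))
    return hits


def reconnect_cadence(events, cfg=ORCUS_CONFIG, tolerance=0.2):
    """Median gap in seconds between connection attempts to the C2 IP, and
    whether it sits within `tolerance` of reconnect_delay: a client whose C2
    never answers still shows up as a regular beacon at that interval."""
    ip = cfg["c2"].rsplit(":", 1)[0]
    ts = sorted(ev["ts"] for ev in events if ev["kind"] == "net_connect" and ev["dst_ip"] == ip)
    if len(ts) < 3:
        return None, False
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    expected = cfg["reconnect_delay_ms"] / 1000
    med = median(gaps)
    return med, abs(med - expected) <= tolerance * expected


# Constructed telemetry (not from the report); event 2 is benign noise.
SAMPLE_EVENTS = [
    {"kind": "process_create", "ts": 0, "image": r"C:\Users\alice\AppData\Roaming\linux_\DataLifeAsync.exe"},
    {"kind": "process_create", "ts": 1, "image": r"C:\Users\alice\AppData\aga.exe"},
    {"kind": "process_create", "ts": 2, "image": r"C:\Windows\System32\svchost.exe"},
    {"kind": "registry_set", "ts": 3, "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Sudik"},
    {"kind": "task_create", "ts": 4, "task": r"\sudik"},
    {"kind": "net_connect", "ts": 5, "dst_ip": "31.44.184.52", "dst_port": 16749},
    {"kind": "net_connect", "ts": 15, "dst_ip": "31.44.184.52", "dst_port": 16749},
    {"kind": "net_connect", "ts": 25, "dst_ip": "31.44.184.52", "dst_port": 16749},
    {"kind": "net_connect", "ts": 36, "dst_ip": "31.44.184.52", "dst_port": 443},
]

if __name__ == "__main__":
    for rule, idx in hunt(SAMPLE_EVENTS):
        print(f"{rule:24s} event[{idx}]")
    print("reconnect cadence (median s, matches config):", reconnect_cadence(SAMPLE_EVENTS))
```

The path matching is deliberately profile-agnostic because %appdata% is expanded per victim at install time; matching the literal config string would miss every real host. The cadence check uses reconnect_delay (10000 ms) as a behavioural indicator that survives a change of C2 address.
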
Targets

    • Target

      f4e3324558882e59446e62af6f8a611877f55c6b8962b78b5176ced937c3b389

    • Orcus

      Orcus is a Remote Access Trojan (RAT) sold on underground forums.

    • Orcus family

    • Orcus RAT Executable