Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
26ee8d814829b62ddeddc77a822d5e3cb8895e461230df96972f1aec5b86a1dc
-
Size
923KB
-
MD5
e00843fe99b2fa2036c61033e7c0c3b7
-
SHA1
44e06566d15e861eb5e339ec89aa09e7d7d02d5c
-
SHA256
26ee8d814829b62ddeddc77a822d5e3cb8895e461230df96972f1aec5b86a1dc
-
SHA512
1ad733322fe0ad89cbe664b1d2287651cdf6024861fb76c5508a8e4bd4db2a4f3a7704533b70a2205d0f83ed23827f21e3070c1325bccda8871598de547b0eec
-
SSDEEP
24576:tCW4MROxnF43ol5rrcI0AilFEvxHjMQ+:tCVMiGsrrcI0AilFEvxHj
Score
10/10
Malware Config
Extracted
Family
orcus
C2
147.185.221.25:42649
Mutex
0a90560fd1de4ef0859fc02bececce78
Attributes
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%programfiles%\svhost\svhost.exe
-
reconnect_delay
10000
-
registry_keyname
svhost
-
taskscheduler_taskname
svhost
-
watchdog_path
AppData\svhost.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
26ee8d814829b62ddeddc77a822d5e3cb8895e461230df96972f1aec5b86a1dc
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections