Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
748f6be55670e72814b65bbb4a99ac927b747191624b899e8aec9991e6c7508e
-
Size
924KB
-
MD5
65b8b0a4be160758714c0a5844f720b7
-
SHA1
9221f71daa2045ce35bc615a2595852d41984fa6
-
SHA256
748f6be55670e72814b65bbb4a99ac927b747191624b899e8aec9991e6c7508e
-
SHA512
24bb5964acf9c000ead37f1329410d2e26fb0da8054ca782a104404aea199c4bbaf213b08e6f4906d560558ee6d49ec11b6df9fa0c51acfd057d6db364071a27
-
SSDEEP
24576:Nzra4MROxnFE3KrXperZlI0AilFEvxHiHj:Nz1MiuQperZlI0AilFEvxHi
Score
10/10
Malware Config
Extracted
Family
orcus
C2
loss-justin.gl.at.ply.gg:48331
Mutex
27edce0e1a134e88b505ddd0fd2d2ad7
Attributes
-
autostart_method
TaskScheduler
-
enable_keylogger
true
-
install_path
%programfiles%\NotePad\NotePad.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
RobloxCrashHandler_19384
-
watchdog_path
Temp\RobloxCrash.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
748f6be55670e72814b65bbb4a99ac927b747191624b899e8aec9991e6c7508e
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections