General
-
Target
658CB5F3BD26B13BB619C625501D7283.exe
-
Size
907KB
-
MD5
658cb5f3bd26b13bb619c625501d7283
-
SHA1
55ed61f7bd39147201a022ec3f83edfc8c58e002
-
SHA256
88f3320f4bcd533c568b9ba53205deb1b0e430c3c32a1dfa0bfded03851114a8
-
SHA512
d932c5b58120b466ae3451ececbb9fc323603d70b728294dce88e8b911c38dd65f0a81ec8fbba7f4c7dd2b9f9f3304de318a5297703e1d94204c89c3be55ad91
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
People
C2
4.tcp.ngrok.io:16788
Mutex
55c8e5e3f5fe4794a3ef3a55735c66ad
Attributes
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%appdata%\MultiRunner\MultiRunner.exe
-
reconnect_delay
10000
-
registry_keyname
MutliRunner
-
taskscheduler_taskname
MultiRunner
-
watchdog_path
AppData\MultiHelper.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus Main Payload 1 IoCs
-
Orcus family
Files
-
658CB5F3BD26B13BB619C625501D7283.exe