General
-
Target
f6d66119_extracted
-
Size
953KB
-
MD5
7c0515a40b439d120deb649fb8ccafe3
-
SHA1
c081cb8c417f69a8675f9c90b5cc6778d770d8a7
-
SHA256
3f25bc78db5f00c85bbd8662838858fa12989976b7be9c70aa6f68fe92c78a53
-
SHA512
12f160d3162f5fa8a62e972630e0e9c17385e7ab4a8760a8680f20a89f3acc64c1baff8a68b5a7b8e8f7785b72cac3ae7254bb1b223aacbe413a5e5a65455f41
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
Start - Steam
C2
185.217.1.185:911
Mutex
a36e4add169c442b882f8f0c5cb7e8cf
Attributes
-
autostart_method
TaskScheduler
-
enable_keylogger
false
-
install_path
%programdata%\Steam\Steam Client.exe
-
reconnect_delay
6600
-
registry_keyname
Steam Webhelper Standalone
-
taskscheduler_taskname
Steam Client WebHelper
-
watchdog_path
Temp\Steam Client WebHelper.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus Main Payload 1 IoCs
-
Orcus family
Files
-
f6d66119_extracted