General
-
Target
60F75F3F9255307C65A56AD10D14C79C.exe
-
Size
917KB
-
Sample
210620-3kdnpzkwne
-
MD5
60f75f3f9255307c65a56ad10d14c79c
-
SHA1
8eea51686ab6f338b13011adc4ccd724238daac1
-
SHA256
83ee132d4ae14e9a0963af00c2a937d70da63d696bfbbcbc4e1b5d976beeb4a7
-
SHA512
8e2a9f9484abfcc075ddb9e20305e0e9ef612b365570713b09ba3882e52e9b790f998958898a73b19baff5ec0b759faedce431b53e4fd9c1aec7095735e7ddfa
Malware Config
Extracted
orcus
eblan
orcustop4ik.duckdns.org:777
1ccc713a8fed4f97bdd7c792b7cfe3e1
-
autostart_method
TaskScheduler
-
enable_keylogger
true
-
install_path
%Windir%\WindowsWD\Windowsdefender.exe
-
reconnect_delay
10000
-
registry_keyname
MyPhone
-
taskscheduler_taskname
MyPhone
-
watchdog_path
AppData\WindowsVH\svhost.exe
Targets
-
-
Target
60F75F3F9255307C65A56AD10D14C79C.exe
-
Size
917KB
-
MD5
60f75f3f9255307c65a56ad10d14c79c
-
SHA1
8eea51686ab6f338b13011adc4ccd724238daac1
-
SHA256
83ee132d4ae14e9a0963af00c2a937d70da63d696bfbbcbc4e1b5d976beeb4a7
-
SHA512
8e2a9f9484abfcc075ddb9e20305e0e9ef612b365570713b09ba3882e52e9b790f998958898a73b19baff5ec0b759faedce431b53e4fd9c1aec7095735e7ddfa
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcus Main Payload
-
Orcurs Rat Executable
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-