orcus | 3E40414D3D75B88373027C33BBE22E90A6EF7FDF7C98B[.]exe | Triage

Sharing

General

Target

3E40414D3D75B88373027C33BBE22E90A6EF7FDF7C98B.exe
Size

2.0MB
MD5

1827c3deb2f17ab048cbfd62e3bbd861
SHA1

89f978070089ef8b477dfa653724150f2e7f7417
SHA256

3e40414d3d75b88373027c33bbe22e90a6ef7fdf7c98b8b6e8a8e51b4b781a56
SHA512

fef79fff23736f404b8a38895f1f729deae7341b9e8ad7266f5ed761250ab3afa1f8e8485086417367cb6a81179a2e80cca7e279f3082722f7f96b00ef0f0e2a

Score

10^/10

orcus

Malware Config

Extracted

Family

orcus

C2

3.143.239.116:10134

Mutex

e39a4bc6c5f84fd588c4a3159c804f42

Attributes

autostart_method
Registry
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Chrome
taskscheduler_taskname
Orcus
watchdog_path
Temp\OrcusWatchdog.exe

Signatures

Orcurs Rat Executable 1 IoCs

Processes:

resource yara_rule

sample orcus
Orcus Main Payload 1 IoCs

Processes:

resource yara_rule

sample family_orcus
Orcus family
orcus

Files

3E40414D3D75B88373027C33BBE22E90A6EF7FDF7C98B.exe
.exe windows x86