General
-
Target
25BE4FB3B1C478E02194503047AC838A.exe
-
Size
911KB
-
MD5
25be4fb3b1c478e02194503047ac838a
-
SHA1
a4223aa801bae210d077ea9c30835bdd3a82aa22
-
SHA256
28506529f97de0d6a877427c102e62425f63c764dd2d55f4510dcc5d49335085
-
SHA512
67cf89cd1d3592044d878f4876a2f7a2a2e8412ec13c16b977b2ba8512cd94970c8058479e39c436691d1c95f3c795feb9ce464cbb4923bf8e12b74c03f71df6
Score
10/10
Malware Config
Extracted
Family
orcus
C2
74.201.28.60:4296
Mutex
Hysteria4
Attributes
-
autostart_method
Registry
-
enable_keylogger
false
-
install_path
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\O\WindowsUserApplicationData.exe
-
reconnect_delay
10000
-
registry_keyname
Hysteria
-
taskscheduler_taskname
Hysteria
-
watchdog_path
AppData\WindowsUserApplicationData.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus Main Payload 1 IoCs
-
Orcus family
Files
-
25BE4FB3B1C478E02194503047AC838A.exe