Overview

overview

10

Static

static

10

25BE4FB3B1...8A.exe

windows7_x64

10

25BE4FB3B1...8A.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25BE4FB3B1C478E02194503047AC838A.exe

  • Size

    911KB

  • MD5

    25be4fb3b1c478e02194503047ac838a

  • SHA1

    a4223aa801bae210d077ea9c30835bdd3a82aa22

  • SHA256

    28506529f97de0d6a877427c102e62425f63c764dd2d55f4510dcc5d49335085

  • SHA512

    67cf89cd1d3592044d878f4876a2f7a2a2e8412ec13c16b977b2ba8512cd94970c8058479e39c436691d1c95f3c795feb9ce464cbb4923bf8e12b74c03f71df6

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

74.201.28.60:4296

Mutex

Hysteria4

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\O\WindowsUserApplicationData.exe

  • reconnect_delay

    10000

  • registry_keyname

    Hysteria

  • taskscheduler_taskname

    Hysteria

  • watchdog_path

    AppData\WindowsUserApplicationData.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus Main Payload 1 IoCs
  • Orcus family
    orcus

Files

  • 25BE4FB3B1C478E02194503047AC838A.exe
    .exe windows x86