Overview

overview

10

Static

static

10

0daab45c6e...58.exe

windows7_x64

1

0daab45c6e...58.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658

  • Size

    907KB

  • Sample

    220520-gedxlafchr

  • MD5

    bcd5ffb00134d19c5c3aa9de7b8db9bd

  • SHA1

    dc0fc76a09f2dadcbbd2350703463264c74dbb6d

  • SHA256

    0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658

  • SHA512

    0111a7f671415f96ee32a9eeb190bbf57c185b4d2c007b57cc2fafab3f225fe9b8fdc0e49ca9c80cc6040b004e7efa98b2a4b26248d22e76ea7676de10819f6b

Score
10/10
orcusspoofer

Malware Config

Extracted

Family

orcus

Botnet

Spoofer

C2

192.168.68.103:10134

Mutex

e94e8afe28a24a80ab033a0e96e3c0c3

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658

    • Size

      907KB

    • MD5

      bcd5ffb00134d19c5c3aa9de7b8db9bd

    • SHA1

      dc0fc76a09f2dadcbbd2350703463264c74dbb6d

    • SHA256

      0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658

    • SHA512

      0111a7f671415f96ee32a9eeb190bbf57c185b4d2c007b57cc2fafab3f225fe9b8fdc0e49ca9c80cc6040b004e7efa98b2a4b26248d22e76ea7676de10819f6b

    Score
    6/10

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks