Overview

overview

10

Static

static

10

0daab45c6e...58.exe

windows7_x64

1

0daab45c6e...58.exe

windows10-2004_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658

  • Size

    907KB

  • MD5

    bcd5ffb00134d19c5c3aa9de7b8db9bd

  • SHA1

    dc0fc76a09f2dadcbbd2350703463264c74dbb6d

  • SHA256

    0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658

  • SHA512

    0111a7f671415f96ee32a9eeb190bbf57c185b4d2c007b57cc2fafab3f225fe9b8fdc0e49ca9c80cc6040b004e7efa98b2a4b26248d22e76ea7676de10819f6b

  • SSDEEP

    24576:zOb04MROxnFegHFrZlI0AilFEvxHif+Y:zObMiPFrZlI0AilFEvxHi

Score
10/10
spooferorcus

Malware Config

Extracted

Family

orcus

Botnet

Spoofer

C2

192.168.68.103:10134

Mutex

e94e8afe28a24a80ab033a0e96e3c0c3

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus Main Payload 1 IoCs
  • Orcus family
    orcus

Files

  • 0daab45c6eac476ff814f8f5d5a34bdbfab09d673878ce21774ffdc122e16658
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections