Overview

overview

10

Static

static

10

built.exe

windows7-x64

10

built.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    built.exe

  • Size

    924KB

  • MD5

    2cc1bcb59a48c4c467ec3faed998e0a2

  • SHA1

    31180fd879360f22e3f9fd40461794aabbf5a137

  • SHA256

    4c2251b7b5712650f739fc99a198c987b768c9ed4ebf731cc7bd002c9ca356a1

  • SHA512

    ed97876032f4f2abb2683d9e1ed1a9fc7f58c5cf44b15b54ccf28f45e6f310f2c87011a571d306dedd1c138d3eea5cd30e0071fff72cc0081304376db1d9e74b

  • SSDEEP

    24576:ypw4MROxnF8h7OAHrZlI0AilFEvxHiPr:ypTMiatrZlI0AilFEvxHi

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

104.158.167.45:10134

Mutex

8ee4f14c31594a0483685fad93ecd422

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %tmp%\5b2chswe.3wj\DiscordTemp.exe

  • reconnect_delay

    10000

  • registry_keyname

    DiscordStartup

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs

Files

  • built.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections