orcus | 1780430ff5ad71b8c89b9c59d2924b16cb7fd07da479b8b394846c792f7523cb | Triage

Sharing

General

Target

1780430ff5ad71b8c89b9c59d2924b16cb7fd07da479b8b394846c792f7523cb
Size

916KB
MD5

ac0431f34683bcbbb2cf23aaf29ea8cf
SHA1

275ec0e362cb074d5f080aaa41c25a8ecebe3205
SHA256

1780430ff5ad71b8c89b9c59d2924b16cb7fd07da479b8b394846c792f7523cb
SHA512

156da3158d29d293daf9a74cf04d855ec162836fef87473afcc861688630f2da01234e1f40a4f84235ba457c0a6ae1770c3cc55fb0375cbea6813d0186a87b9c
SSDEEP

24576:r6w4MROxnFD3674S4xrZlI0AilFEvxHiBO:r6TMiJtrZlI0AilFEvxHi

Score

10^/10

orcus

Malware Config

Extracted

Family

orcus

C2

146.70.143.176:81

Mutex

712d31c7a3f54904a08d968a15b836e9

Attributes

autostart_method
Registry
enable_keylogger
false
install_path
%programfiles%\orc\orc.exe
reconnect_delay
10000
registry_keyname
orc
taskscheduler_taskname
orc
watchdog_path
AppData\Watchdog.exe

Signatures

Orcurs Rat Executable 1 IoCs

resource	yara_rule
sample	orcus

Orcus family
orcus

Orcus main payload 1 IoCs

resource	yara_rule
sample	family_orcus

Files

1780430ff5ad71b8c89b9c59d2924b16cb7fd07da479b8b394846c792f7523cb
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 911KB - Virtual size: 911KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ