Overview

overview

10

Static

static

10

4b632ccdd0...61.exe

windows7-x64

10

4b632ccdd0...61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fd560527411b6fc1dec327027f1b6a51.bin

  • Size

    2.7MB

  • MD5

    bb56fd07e8bb5c56a77bce0a1a9ba431

  • SHA1

    a4d61323b6c2f7aa9f046ccfcca2d1c117af9fc0

  • SHA256

    3586b07b498415fbdf659709a104e771a6fde297f370b1a48f79dac09d9431b2

  • SHA512

    273c768c9f900d98e56d45635fc8e55692e63638c2bc133ed6b6cacc0bbe4fd20aa7faf437bb590a7fdf0df3c2e2c755be967d177f8e36a4d35d8dbc8d3ee0d1

  • SSDEEP

    49152:vjlDezNZt3kEcPRz1V4OH1AuJhfHL9a6rpeczgJ+rp6zkn/rwgNKbabOzZtbV0/:vjw73uRMS1AmRrAIp3gJ+rMzta6zXC

Score
10/10
slnorcus

Malware Config

Extracted

Family

orcus

Botnet

Sln

C2

193.138.195.211:10134

Mutex

eaf050d367294b239fe7db992d6ea4d7

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\svchost.exe

  • reconnect_delay

    10000

  • registry_keyname

    svchost

  • taskscheduler_taskname

    svc host

  • watchdog_path

    AppData\svchost.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs

Files

  • fd560527411b6fc1dec327027f1b6a51.bin
    .zip

    Password: infected

  • 4b632ccdd041def4ecbaf20f41033ebcd8317ad696ccc66de1544868f1d7fb61.exe
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections