Overview

overview

10

Static

static

10

6d06740fbd...88.exe

windows7-x64

10

6d06740fbd...88.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d06740fbd595b66c802c2c32fbef399cc1b3dfec45722b67534bf597ee7a388.zip

  • Size

    645KB

  • MD5

    72ea7eccb0b6c7cf2e223da35c8770fa

  • SHA1

    cb52dc3fc48a089631dd9c777a2176391410fdfd

  • SHA256

    91015de41dfac3f4592a6ccb718c3bfe2a32e45266fa9f5cb071ba101b5108f5

  • SHA512

    30b24f4df1244760e10567d0df22b530012c33de05d5e895e8fc7ca1d5e4d95d24e74e965b5f6d5a6d183357a55fb97ad5d5f6654358629801903571fdbf1ae5

  • SSDEEP

    12288:F1DbXpam/KdZPT/vQkW8+9t1LBZPUlC0FXndMRMCZUkZu5umcs/:FRbqvDokV6tpAnntCiJj/

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

4.tcp.eu.ngrok.io:16452

Mutex

e54e0edc2b17490a830bf852d09713b4

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    C:\Windows\Microsoft.NET\Framework64\svchost.exe

  • reconnect_delay

    10000

  • registry_keyname

    win64host

  • taskscheduler_taskname

    win64def

  • watchdog_path

    AppData\svchost.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs

Files

  • 6d06740fbd595b66c802c2c32fbef399cc1b3dfec45722b67534bf597ee7a388.zip
    .zip

    Password: infected

  • 6d06740fbd595b66c802c2c32fbef399cc1b3dfec45722b67534bf597ee7a388.exe
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections