General

  • Target

    9f2151b2fd626d5139a7a292b4faffdedcc45346953b0ce71fa281615e6f350a.zip

  • Size

    603KB

  • MD5

    7d343f2f5421f3f11c2c1723da499d00

  • SHA1

    ce4bb41ccfcc4672e0dee6fa6537c8014170c712

  • SHA256

    01f56f5b9cbf11c762203f02b75d7e8e6e4b3e07862d1e8f974df48f4d910746

  • SHA512

    2b942ca6895561477a9d69b9f8396e9663a8872b34af7991a8a3061e4ab5771b70a101046963e673d25a52eb378cfce965f3175c5f8b96852f6e1cd39728c5c3

  • SSDEEP

    12288:PgSKg//CRbFh8zkrUzuZpkTMsXSa9RQdLtyTDF:PHKqFzkYzs8DXCdLot

Score
10/10

Malware Config

Extracted

Family

orcus

C2

147.185.221.229:56094

Mutex

0a90560fd1de4ef0859fc02bececce78

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\svhost\svhost.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\svhost.exe
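
The extracted configuration above is directly usable for hunting: the install and watchdog paths, the Run value and scheduled-task name ("Orcus"), and the C2 socket are all host or network artefacts. The Python below is an added example, not part of the sandbox report or of the Orcus project, that turns those config values into normalised indicators and runs them over a few constructed, Sysmon-style events embedded inline. Assumptions it makes: `%programfiles%` may resolve to either `C:\Program Files` or `C:\Program Files (x86)` (a 32-bit payload on 64-bit Windows sees the latter), `registry_keyname` is the name of a value under a `...\CurrentVersion\Run` or `RunOnce` key, and `watchdog_path` is relative, so it is matched as a path suffix. Note that the binary name `svhost.exe` differs from the legitimate `svchost.exe` by one letter; matching on the full path rather than a loose substring keeps the real service host out of the results.

```python
"""Hunt for the Orcus persistence and C2 artefacts listed in an extracted config.

Added example (not part of the sandbox report). Runs over constructed,
Sysmon-style event dicts; in practice feed it exported event logs or EDR telemetry.
"""
import re

# Values exactly as extracted on the report page.
ORCUS_CONFIG = {
    "c2": "147.185.221.229:56094",
    "install_path": r"%programfiles%\svhost\svhost.exe",
    "watchdog_path": r"AppData\svhost.exe",
    "registry_keyname": "Orcus",
    "taskscheduler_taskname": "Orcus",
}

# Assumption: %programfiles% may resolve to either directory, because a
# 32-bit payload started on 64-bit Windows sees the (x86) directory.
PROGRAMFILES_CANDIDATES = (r"C:\Program Files", r"C:\Program Files (x86)")

# Assumption: registry_keyname is a value name under a Run/RunOnce key.
RUN_KEY_RE = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\([^\\]+)$")


def build_indicators(cfg):
    """Turn the config into lower-cased indicators to match events against."""
    ip, port = cfg["c2"].rsplit(":", 1)
    install = [cfg["install_path"].replace("%programfiles%", pf).lower()
               for pf in PROGRAMFILES_CANDIDATES]
    return {
        "c2_ip": ip,
        "c2_port": int(port),
        "file_paths": install,
        # watchdog_path is relative in the config, so match it as a path suffix.
        "file_suffixes": ["\\" + cfg["watchdog_path"].lower()],
        "run_value": cfg["registry_keyname"].lower(),
        "task_name": cfg["taskscheduler_taskname"].lower(),
    }


def match_event(ev, ind):
    """Return (indicator, detail) pairs that a single event matches."""
    hits = []
    kind = ev["type"]
    if kind in ("process", "file"):
        p = ev["path"].lower()
        if p in ind["file_paths"] or any(p.endswith(s) for s in ind["file_suffixes"]):
            hits.append(("install/watchdog path", ev["path"]))
    elif kind == "registry":
        m = RUN_KEY_RE.search(ev["target"].lower())
        if m and m.group(2) == ind["run_value"]:
            hits.append(("Run value " + ind["run_value"], ev["target"]))
    elif kind == "task":
        if ev["task"].lower().lstrip("\\") == ind["task_name"]:
            hits.append(("scheduled task " + ind["task_name"], ev["task"]))
    elif kind == "network":
        if ev["dst_ip"] == ind["c2_ip"] and ev["dst_port"] == ind["c2_port"]:
            hits.append(("C2 socket", f'{ev["dst_ip"]}:{ev["dst_port"]}'))
    return hits


def scan_events(events, cfg=ORCUS_CONFIG):
    """Return a list of (host, indicator, detail) findings over all events."""
    ind = build_indicators(cfg)
    findings = []
    for ev in events:
        for name, detail in match_event(ev, ind):
            findings.append((ev["host"], name, detail))
    return findings


# Constructed sample telemetry (not from the report): four true positives on
# ws01, the watchdog copy on ws02, plus a real svchost.exe and an unrelated
# Run value that must not match.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process", "path": r"C:\Program Files (x86)\svhost\svhost.exe"},
    {"host": "ws01", "type": "registry",
     "target": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\Orcus"},
    {"host": "ws01", "type": "task", "task": r"\Orcus"},
    {"host": "ws01", "type": "network", "dst_ip": "147.185.221.229", "dst_port": 56094},
    {"host": "ws02", "type": "process", "path": r"C:\Windows\System32\svchost.exe"},
    {"host": "ws02", "type": "registry",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"host": "ws02", "type": "file", "path": r"C:\Users\bob\AppData\svhost.exe"},
]

if __name__ == "__main__":
    for host, name, detail in scan_events(SAMPLE_EVENTS):
        print(f"{host}: {name} -> {detail}")
```

The mutex is deliberately not in the indicator set: it only exists on a live host, so it is checked with a handle enumeration tool rather than from logs. The `reconnect_delay` of 10000 ms is the beacon interval to expect when looking for repeated connections to the C2 socket.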

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs

Files

  • 9f2151b2fd626d5139a7a292b4faffdedcc45346953b0ce71fa281615e6f350a.zip
    .zip

    Password: infected

  • 9f2151b2fd626d5139a7a292b4faffdedcc45346953b0ce71fa281615e6f350a.exe
    .exe windows x86

    Password: infected

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
