Overview

overview

10

Static

static

10

f5ec9c818e...6e.exe

windows7-x64

10

f5ec9c818e...6e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f5ec9c818e5d515558f479915c1de23c803c55637825c6e8199760180bab866e.zip

  • Size

    595KB

  • MD5

    9e4c8752263f80b636d1249acd78fc5c

  • SHA1

    0eb826257af21c8ab3855229f91f8ec32911584c

  • SHA256

    30257f7538c093488cec42025711a59a5d7b9c4a6471bd22e2bedb24e26ba9ba

  • SHA512

    4bba3a72f6b31ec13d6f1dfed57b1228919c791be62e40ec89320f399df18dabce576323a62a03fc185a725b21441ff462b2ea65f7199923eff3c3053f89f264

  • SSDEEP

    12288:+vDODY2qr4BiqJXKJUCkIfxFthFxi/Wl2s0XAOE8CVRN8z:KCjMyZXiJfxFHFk/WlQXAOE8au

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

84.21.172.55:1339

Mutex

5e29a9dc07244cd5b38b6e685c293580

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\Chrome\ChromeUpdateService.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    SmarterScreen

  • watchdog_path

    AppData\WindowsToolKit.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs

Files

  • f5ec9c818e5d515558f479915c1de23c803c55637825c6e8199760180bab866e.zip
    .zip

    Password: infected

  • f5ec9c818e5d515558f479915c1de23c803c55637825c6e8199760180bab866e.exe
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections