Overview

overview

10

Static

static

10

ddad33460b...60.exe

windows7-x64

10

ddad33460b...60.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ddad33460be1dfc2c1739e69a6be544049fb471346c489da162926ef44acfe60.zip

  • Size

    587KB

  • MD5

    32fb004f6f9b11926725fb875479dd8e

  • SHA1

    5443f49e5f111cb7bbd6b7aea6c039e0daa2911a

  • SHA256

    144947ddb462ddbdb8a4f1e3fdca9278e268e5fb918f154897477776676cdf7a

  • SHA512

    d95f77bf685fc6c6668eb25e65ea8b346adfb6440f10b95b6c4e4bc0866acead0744097f3f9a9376cc82a66586c2a9ad793ef5c478048254c386c3ede7cbd643

  • SSDEEP

    12288:XwlXNwE4as62IibxMOv1fVMnHPLi65AuBML2e4z4TXmqYtR:AcEmea51fVKTT5pML2e24jmF

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

4.tcp.eu.ngrok.io:16452

Mutex

1b704d0841c7486288b6ef5dfe82a084

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    C:\Program Files\Windows NT\TableTextService\en-US\english.exe

  • reconnect_delay

    10000

  • registry_keyname

    svchost

  • taskscheduler_taskname

    Cortana

  • watchdog_path

    AppData\WindowsDefender.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs

Files

  • ddad33460be1dfc2c1739e69a6be544049fb471346c489da162926ef44acfe60.zip
    .zip

    Password: infected

  • ddad33460be1dfc2c1739e69a6be544049fb471346c489da162926ef44acfe60.exe
    .exe windows x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections