General

  • Target

    1108-98-0x0000000000200000-0x0000000000B3C000-memory.dmp

  • Size

    9.2MB

  • MD5

    c2a48f3f43afd9c9c71d3c773d395942

  • SHA1

    2a923f7d6e7b44b716d4abd7a3f5ac27e54df5df

  • SHA256

    22e412e4733a77602c83d2c959a4c72b763a43a2aca7bfb388108b1a1f72ddfe

  • SHA512

    2a666f3745b5c2ec283789d37bcdcbafb2db8dbd6f5bcf45315f92be9e9dfdab5d225dc12118e834e97348199134dd3b1f456e0c17c6ebaa2c074c910232378d

  • SSDEEP

    196608:cXI5uk4y1nN+9BGawyPXRsw8VsH1eyXtDDH:JuM1N+aqXRaC82H

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

pacov

C2

194.26.192.209:1920

Mutex

eb4259216d7440f19b9a508156fd6925

Attributes

  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Microsoft\svchost.exe

  • reconnect_delay

    10000

  • registry_keyname

    svchost

  • taskscheduler_taskname

    dllhost

  • watchdog_path

    AppData\svchost.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1108-98-0x0000000000200000-0x0000000000B3C000-memory.dmp
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744
