Overview

overview

10

Static

static

10

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    5.0MB

  • MD5

    72a422fba2b26a75fdf719d54282d4de

  • SHA1

    d7fd2c2bc6d3f503fcab6b1466a267fc146751c7

  • SHA256

    83b50b30ae99a3348ab5195f89e78103aec652ad2907d111a14b553504703599

  • SHA512

    2c7392f5be3803a1a28e697503a45530eba52b9b2a95c3f6abb8ce74bf0709cdf7f90cd2019a6144e6ffe99660bd9a4199ac43defd01974303c832caacaf432d

  • SSDEEP

    12288:uoHWszy2LkjKgEX0pq5g7dG1lFlWcYT70pxnnaaoawBm7cfpLF9VV64QrZNrI0AG:Ieu4MROxnFJrZlI0AilFEvxHiVP

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

209.25.141.181:28100

Mutex

38a401803f6f4031aa30666b17f0d0ad

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • file.exe
    .exe windows x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections