General

  • Target

    57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5

  • Size

    917KB

  • MD5

    51a72cba85e56e68571f1737a3867248

  • SHA1

    cd1343921939fb80ba0cc335f6a96e9c25f7f8a4

  • SHA256

    57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5

  • SHA512

    605bb27e929b9a13b697fa6edd7470339e81c6323512d329809c64930f2f2b9f2572c0f7f65d030c9fe04b9135cc286b8b15c02686fea09738a975f4d62afc5a

  • SSDEEP

    12288:WLshChMwzLdh+fF7dG1lFlWcYT70pxnnaaoawhmm6vgWrJprZNrI0AilFEvxHvB0:mLc4MROxnF664GprZlI0AilFEvxHit1

Score
10/10

Malware Config

Extracted

Family

orcus

C2

s7vety-64001.portmap.io:64001

Mutex

8f9ad032680b48e4921e3dead6b0b2ce

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %appdata%\Java\javaUpdate.exe

  • reconnect_delay

    10000

  • registry_keyname

    JavaUpate

  • taskscheduler_taskname

    JavaUpate

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcus RAT Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
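The extracted configuration above (Task Scheduler autostart, the JavaUpate task and Run-key name, the install path under %appdata%\Java, the watchdog binary, the mutex and the portmap.io C2 endpoint) and the Unsigned PE signature translate directly into a host hunt. The script below is an added example written for this page, not code from the sandbox report or from the Orcus project. It assumes the relative watchdog_path resolves under %APPDATA% (Roaming), that the mutex may live in either the bare or the Global\ namespace (the report does not say), and that reconnect_delay is in milliseconds; every check is read-only and should be run from an elevated session so HKLM and other users' connections are visible.

```powershell
# Added host-hunt script for the Orcus indicators in this report
# (example code, not from the report or the Orcus project). Read-only.

$TaskName    = 'JavaUpate'                                  # taskscheduler_taskname (the misspelling is the sample's own)
$RunKeyName  = 'JavaUpate'                                  # registry_keyname
$InstallExe  = Join-Path $env:APPDATA 'Java\javaUpdate.exe' # install_path (%appdata%\Java\javaUpdate.exe)
# watchdog_path is reported relative ("AppData\OrcusWatchdog.exe");
# ASSUMPTION: it resolves under %APPDATA% (Roaming).
$Watchdog    = Join-Path $env:APPDATA 'OrcusWatchdog.exe'
$Mutex       = '8f9ad032680b48e4921e3dead6b0b2ce'
$C2Host      = 's7vety-64001.portmap.io'
$C2Port      = 64001
$KnownSha256 = '57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5'

$findings = @()

# 1. Scheduled-task persistence (autostart_method = TaskScheduler)
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $findings += "Scheduled task '$TaskName' present, runs: $actions"
}

# 2. Run-key persistence under the same value name (registry_keyname)
foreach ($hive in 'HKCU:', 'HKLM:') {
    $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Run"
    $val = Get-ItemProperty -Path $key -Name $RunKeyName -ErrorAction SilentlyContinue
    if ($val) { $findings += "Run value '$RunKeyName' in $key -> $($val.$RunKeyName)" }
}

# 3. Dropped binaries: compare against the analysed sample's SHA256 and
#    record the Authenticode status (the sample is unsigned, per the report)
foreach ($path in $InstallExe, $Watchdog) {
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
        $note = if ($hash -eq $KnownSha256) { 'hash matches analysed sample' } else { "sha256=$hash" }
        $findings += "File $path present ($note, Authenticode: $sig)"
    }
}

# 4. Mutex held by a running instance. Namespace is not stated in the report,
#    so both forms are tried (assumption). Opening a Global\ mutex from a
#    low-privilege session can throw instead of returning $false.
foreach ($name in $Mutex, "Global\$Mutex") {
    $m = $null
    try {
        if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$m)) {
            $m.Dispose()
            $findings += "Mutex '$name' is held by a running process"
        }
    } catch {
        $findings += "Mutex '$name' exists but could not be opened: $($_.Exception.GetType().Name)"
    }
}

# 5. Live C2 session on the configured port, with the owning process
$conns = Get-NetTCPConnection -RemotePort $C2Port -State Established -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = (Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue).ProcessName
    $findings += "Established connection to $($c.RemoteAddress):$C2Port from PID $($c.OwningProcess) ($proc)"
}

# 6. Resolver cache entry for the C2 host. reconnect_delay = 10000 (presumably
#    ms) means a live implant re-resolves the name frequently.
$dns = Get-DnsClientCache -Name $C2Host -ErrorAction SilentlyContinue
if ($dns) { $findings += "DNS cache holds $C2Host -> $($dns.Data -join ', ')" }

if ($findings.Count -eq 0) {
    Write-Output 'No Orcus indicators from this report were found on this host.'
} else {
    Write-Output "Orcus indicators found ($($findings.Count)):"
    $findings | ForEach-Object { Write-Output " - $_" }
}
```

Treat a match on the task or Run value as the strongest single signal: the JavaUpate misspelling is an operator artefact that legitimate Java updaters do not share, whereas a hit on the portmap.io port alone could be another tenant of that relay service. A rebuilt Orcus client will carry a different SHA256, so an unsigned binary at the install path with a non-matching hash still warrants collection rather than dismissal.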

Files

  • 57ea66a57f97ecee958cca1c7379025750c23ba98ea6dcfaae17fc5f64c9d1c5
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744