General

  • Target

    d3ebc38f1bf79e075733d65f3fb11a3248c4299136b6fa90e2d4de970f6ece29

  • Size

    906KB

  • MD5

    2205c76112af16e6dc22a44090960133

  • SHA1

    644812fdc6417d67c0948cb9e05f57065ffa1b5f

  • SHA256

    d3ebc38f1bf79e075733d65f3fb11a3248c4299136b6fa90e2d4de970f6ece29

  • SHA512

    2f9b1302cc0453eeb9ca7a2b591af92bc69c36dcbab73d5eefd745b5cb3ab725033c72e71cc791ec46bd1c3a30f301322b6478e040cdc2d79e21cc2ba98dbb75

  • SSDEEP

    24576:4Vj4MROxnFdpSxXS4rrcI0AilFEvxHPyvPool:4yMiZKS4rrcI0AilFEvxHPyv

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

kis

C2

127.0.0.1:10134

Mutex

0c12ecf630c14ec9be47954dd7b37575

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d3ebc38f1bf79e075733d65f3fb11a3248c4299136b6fa90e2d4de970f6ece29
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
