General

  • Target

    26a4b648d7469d84b65452fcc161a7909878df2685910d80085dbb9a69c2cd27

  • Size

    613KB

  • MD5

    a1679ed2c4937855207e557a7b77760f

  • SHA1

    be26e01b16cd550f2548064f922e62cfbbed19d0

  • SHA256

    26a4b648d7469d84b65452fcc161a7909878df2685910d80085dbb9a69c2cd27

  • SHA512

    f7cceadba14b8797a60b59c21f1c840fb0a59f38af48d0c2a1f441ac3c1145ed9748cb87148db8fd434f503c5f4c800f679c7a962d181b603cb9fdd5bfda2c60

  • SSDEEP

    12288:Nk6x7pPGhbMk0cYV70Afixyxdn1cami/JepdnD0OWSS0adp:Nk6x71Sh03zfixEd1P0pGO00adp

Score
10/10

Malware Config

Extracted

Family

orcus

C2

5.tcp.eu.ngrok.io:11720

Mutex

5f51b4303bf4453eb591ad936578c144

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Win32\UpdateSystem32.exe

  • reconnect_delay

    10000

  • registry_keyname

    svUpdate

  • taskscheduler_taskname

    svgost

  • watchdog_path

    AppData\Windows Defender.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 26a4b648d7469d84b65452fcc161a7909878df2685910d80085dbb9a69c2cd27
    .zip
  • CortexClient/CortexClient Privat.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
