General

  • Target

    2632-120-0x00000000002B0000-0x000000000039C000-memory.dmp

  • Size

    944KB

  • MD5

    f5efbbc1289ca67a1bb5fbda031c9a09

  • SHA1

    05824b5d2e67c20aa2082958e43e1531d39ac0cc

  • SHA256

    6883b47a45f9a29961c1b418c9b31895d4995d8106843a6206bb4059ad7ad009

  • SHA512

    7ee4492daa0f71d1e428274fd6f3a5509f6575688ead8a5e0283fb75db3d113f593775b8d2d146309f13fca9fe228fbe73238f9821bcb34a334b4acab66754dd

  • SSDEEP

    24576:p554MROxnFH3WRM4RrrcI0AilFEvxHPQooR:pQMihWlRrrcI0AilFEvxHP

Score

10/10

Malware Config

Extracted

Family

orcus

Botnet

telagay

C2

15.235.3.1:2000

Mutex

f78739b68c194610b47c0056d74ec090

Attributes

  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\ChromeUpdater\Updt.exe

  • reconnect_delay

    10000

  • registry_keyname

    ChormeUpdt

  • taskscheduler_taskname

    ChromeUpdt

  • watchdog_path

    AppData\svchosts.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2632-120-0x00000000002B0000-0x000000000039C000-memory.dmp
    .exe windows:4 windows x86 arch:x86