General

  • Target

    936d8514d749535de5ecc732662bd282b5a0efd38667996f585b34f9b1a8d558.exe

  • Size

    934KB

  • MD5

    0ae9037ccf0ec15a0f1c15a53ee2a2c5

  • SHA1

    2a682b2357329d786e1b0f0f2f8c30aa9f984444

  • SHA256

    936d8514d749535de5ecc732662bd282b5a0efd38667996f585b34f9b1a8d558

  • SHA512

    ceaeea58565bb8151ce39b43e4f1c74a8f0bbfa84b62b9211d8713b7291212dc475b627918b0eb1f294a776da767f5e35071a014a3a3e8c6d1a78a5f112db29d

  • SSDEEP

    24576:sRP4MROxnFSx3NUPrrcI0AilFEvxHP9Tgook:syMiYJNUPrrcI0AilFEvxHPJ

Score
10/10

Malware Config

Extracted

Family

orcus

C2

5.tcp.eu.ngrok.io:11720

Mutex

5f51b4303bf4453eb591ad936578c144

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Win32\UpdateSystem32.exe

  • reconnect_delay

    10000

  • registry_keyname

    svUpdate

  • taskscheduler_taskname

    svgost

  • watchdog_path

    AppData\Windows Defender.exe
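The extracted config above gives everything needed to hunt for this sample on a live host: the mutex, the Run-key value name, the scheduled-task name, the install and watchdog paths, and the C2 endpoint. The following PowerShell script is an added example written for this page, not output of the sandbox or part of the Orcus project; it takes its indicators from the report verbatim. The Run-key hives it checks (HKCU, HKLM and the WOW6432Node key) and the two AppData folders it searches for the watchdog are assumptions, since the config only says "Registry" and "AppData".

```powershell
# Added example (not from the sandbox report): host triage for the Orcus
# persistence artifacts listed in the extracted config. Run in an elevated
# PowerShell session on the suspect host.

$Mutex        = '5f51b4303bf4453eb591ad936578c144'   # config: Mutex
$RunValueName = 'svUpdate'                            # config: registry_keyname
$TaskName     = 'svgost'                              # config: taskscheduler_taskname
$InstallPath  = Join-Path $env:ProgramFiles 'Win32\UpdateSystem32.exe'  # config: install_path
$WatchdogName = 'Windows Defender.exe'                # config: watchdog_path (file name part)
$C2Port       = 11720                                 # config: C2 port (5.tcp.eu.ngrok.io)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Mutex: OpenExisting only succeeds if some process currently holds it.
#    Both the session-local and Global namespaces are tried (assumption).
foreach ($name in @($Mutex, "Global\$Mutex")) {
    try {
        $m = [System.Threading.Mutex]::OpenExisting($name)
        $m.Dispose()
        $findings.Add("mutex '$name' is held (Orcus likely running)")
    } catch [System.Threading.WaitHandleCannotBeOpenedException] {
        # not present
    } catch {
        # exists but owned by another user/integrity level: still a hit
        $findings.Add("mutex '$name' exists but could not be opened: $($_.Exception.Message)")
    }
}

# 2. Registry autostart: the value name from the config in the usual Run keys.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $v = Get-ItemProperty -Path $key -Name $RunValueName -ErrorAction SilentlyContinue
    if ($v) { $findings.Add("Run value '$RunValueName' in $key -> $($v.$RunValueName)") }
}

# 3. Scheduled task with the name from the config; record what it launches.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if ($task) {
    $actions = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    $findings.Add("scheduled task '$TaskName' present, actions: $actions")
}

# 4. Dropped files: the install path and the watchdog. The report gives the
#    watchdog as 'AppData\Windows Defender.exe', so Roaming and Local are both
#    searched. An unsigned binary here matches the "Unsigned PE" signature.
$candidates = @($InstallPath,
                (Join-Path $env:APPDATA      $WatchdogName),
                (Join-Path $env:LOCALAPPDATA $WatchdogName))
foreach ($p in $candidates) {
    if (Test-Path -LiteralPath $p) {
        $sha256 = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
        $sig    = (Get-AuthenticodeSignature -LiteralPath $p).Status
        $findings.Add("file $p sha256=$sha256 authenticode=$sig")
    }
}

# 5. Live connection to the C2 port, with the owning process.
Get-NetTCPConnection -RemotePort $C2Port -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $findings.Add("TCP $($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):$C2Port pid=$($_.OwningProcess) ($($proc.ProcessName))")
    }

if ($findings.Count -eq 0) {
    Write-Output 'No Orcus artifacts from this config found on this host.'
} else {
    Write-Output 'Orcus artifacts found:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Two caveats when reading the output. The C2 is an ngrok TCP tunnel, so any address that 5.tcp.eu.ngrok.io resolves to belongs to ngrok, not the operator, and the tunnel can be torn down and re-created on a different port; matching on port 11720 alone is therefore a weak signal and the persistence artifacts (Run value, task, mutex, dropped files) are the durable indicators. Also, the reconnect_delay of 10000 means the implant retries the C2 every ten seconds, so a host that is infected but whose tunnel is down will show the file and registry artifacts without any live connection.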

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 936d8514d749535de5ecc732662bd282b5a0efd38667996f585b34f9b1a8d558.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
