General
-
Target
23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
-
Size
920KB
-
MD5
753505f665835e0f8542f83252d8251c
-
SHA1
880a37b15bec07ce4ff748fb2e8d138754c8b636
-
SHA256
23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
-
SHA512
91d69bcd0b6dd9e096a31db9c3778432088c69e6d329c12bba7e1803bf0dd7325338d42c76d0b6cb6a8e954a0e931754a3c7cc2f07b7c8b21700ac9b6ad9137c
-
SSDEEP
24576:iD54MROxnFt34cirrcI0AilFEvxHPf8oom:iSMijgrrcI0AilFEvxHP
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
777
C2
10.86.6.129:3333
Mutex
bc671c436af448dd952335335bfcb715
Attributes
-
autostart_method
TaskScheduler
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Windows Start
-
watchdog_path
AppData\WindowsUpdate.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
23e97c543db02964647d9adf354be9fc4506be3fb6a600fc4d77f69480659bc4
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections