General
-
Target
33347922f0194249dd77537608b6642e9bf4de23aff518eb7703fbba3488aecb.exe
-
Size
917KB
-
MD5
b2810f0c086813e3c39be3d5360767e9
-
SHA1
474e30bba05c9e521a0d4222ffb924b5f522d04a
-
SHA256
33347922f0194249dd77537608b6642e9bf4de23aff518eb7703fbba3488aecb
-
SHA512
be8c6c14a0dc5fdb90aacb2ae75ed91a613d806d1304d5f20c3de192208b4cb8fb9fbf881a9603f81682d900bc6db88e6f1aa9c0978633619e93821a4f35fa64
-
SSDEEP
24576:U554MROxnFH3WRM4RrrcI0AilFEvxHPQooi:UQMihWlRrrcI0AilFEvxHP
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
telagay
C2
15.235.3.1:2000
Mutex
f78739b68c194610b47c0056d74ec090
Attributes
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%programfiles%\ChromeUpdater\Updt.exe
-
reconnect_delay
10000
-
registry_keyname
ChormeUpdt
-
taskscheduler_taskname
ChromeUpdt
-
watchdog_path
AppData\svchosts.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
33347922f0194249dd77537608b6642e9bf4de23aff518eb7703fbba3488aecb.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections