Overview

overview

10

Static

static

10

586ee7a180...e5.exe

windows7-x64

10

586ee7a180...e5.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    586ee7a1806b903c8bbd849fac7f084ec49c5cdc10d7dbfb0322a0e8c9ce46e5

  • Size

    912KB

  • MD5

    7357d6bd692d5f33708fce3f9477a6c5

  • SHA1

    ebc37ee7242f855642e1d8b26eb99b6633954e5b

  • SHA256

    586ee7a1806b903c8bbd849fac7f084ec49c5cdc10d7dbfb0322a0e8c9ce46e5

  • SHA512

    1464c638cc51308c88a0a2f23bfc20dc458b137e9827cdc6e723f8eb465f68e0dfad08a71355f8e3bf8b66d4c0bba0f66cd1f407d46f7f62b6c03fd76ce292da

  • SSDEEP

    24576:HkL94MROxnFe3IdOrrcI0AilFEvxHPWvood:EWMiw9rrcI0AilFEvxHP

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

192.168.1.72:6969

Mutex

5a53ca42f4194cad8f3e25b8b9bf56df

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\WindowsDefender.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 586ee7a1806b903c8bbd849fac7f084ec49c5cdc10d7dbfb0322a0e8c9ce46e5
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections