Overview

overview

10

Static

static

10

029e1ac599...8d.exe

windows7-x64

10

029e1ac599...8d.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    029e1ac599d7cce9e16d0eaba1e35bfb8622c38e59e09e6e3bf7a7fcdb30118d

  • Size

    913KB

  • MD5

    7297f472ec693d328134a78c372c916e

  • SHA1

    c48c7c3e596385f97ac5aea8c9771a94c2719fef

  • SHA256

    029e1ac599d7cce9e16d0eaba1e35bfb8622c38e59e09e6e3bf7a7fcdb30118d

  • SHA512

    407849388bdd46df5423ebebb4e5bfe02e38582a95556a558b23aeef68b4679a562f756cb4c976ed3d851bc805dc697948d907a0d5d27630e9d6adb89527cdfd

  • SSDEEP

    12288:C0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCOMpiAkTfYjSp2y5NU7dG1lFlWI:eo84MROxnFtCVBrrcI0AilFEvxHjxQz

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

nonamedc.mcv.kr:8080

Mutex

fcca7214f2cf43aa90403230957e4103

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 029e1ac599d7cce9e16d0eaba1e35bfb8622c38e59e09e6e3bf7a7fcdb30118d
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections