General

  • Target

    fa71e8ff4b55e788698488dd36af8cf96052613bdef2561f2008e42109ab1498

  • Size

    928KB

  • MD5

    852be380260e9eab34934a8d22f62300

  • SHA1

    dff085bad9be540980dd27f0a52b44db7075e489

  • SHA256

    fa71e8ff4b55e788698488dd36af8cf96052613bdef2561f2008e42109ab1498

  • SHA512

    2eff969ee1809b30de4087fcfa2753fa71e4ea1ea19f2a26b0ef19d6460ecd673cc9d4dbc773b4a0432e541870fc4b547582a39299bd93d4d32919aa6cfa3420

  • SSDEEP

    24576:q3s4MROxnFj3G73MJJXRrZlI0AilFEvxHiqB:q3/Mi1kOhrZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

Family

orcus

C2

uhhusk.duckdns.org:25565

Mutex

5b8e418cffd9492fa112c4b9e5a8963b

Attributes

  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %appdata%\Viacoin-qt\Viacoin-qt.exe

  • reconnect_delay

    10000

  • registry_keyname

    Viacoin

  • taskscheduler_taskname

    Viacoin

  • watchdog_path

    AppData\Viacoin-qt.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • fa71e8ff4b55e788698488dd36af8cf96052613bdef2561f2008e42109ab1498
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
