General

  • Target

    301d88f83f5800294372ff8a4979c5f5202c90932e4d809c806c9fc523d110a9

  • Size

    5.0MB

  • MD5

    b607b65f2f04ba8c74c9a7d24123ff99

  • SHA1

    72627487ac75468dbc8edf82c0fd60f331a4a12e

  • SHA256

    301d88f83f5800294372ff8a4979c5f5202c90932e4d809c806c9fc523d110a9

  • SHA512

    7d57517d632eb16baaba10fd24b00d65706b19609b5fc87d733146cd3d3efc2237dc0299cfbedddc09db2357d21680653a3c204cd274b42762c2264a64578fdc

  • SSDEEP

    24576:CGbU4MROxnFh/iJkrZlI0AilFEvxHie0wo:CGbHMi/K2rZlI0AilFEvxHied

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

checker

C2

6.tcp.eu.ngrok.io:17073

Mutex

077191c972bb45f5b3faee6e24b24b80

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus3

  • taskscheduler_taskname

    windows

  • watchdog_path

    AppData\OrcusWatchdog.exe
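
The attributes above are the host-side footprint of this build: a fixed install path, a Run-key value name, a scheduled task name, a watchdog binary under AppData, and an ngrok TCP tunnel as the C2 endpoint. The following script turns those values into matching rules and runs them over Sysmon-style events. It is an added example, not part of the sandbox report: the config values are copied from the report, the JSON events are constructed for illustration (they are not from the sample's run), and the Program Files expansion is an assumption. Because the report lists the binary as x86, a 32-bit process on 64-bit Windows expands %programfiles% to C:\Program Files (x86), so both folders are checked.

```python
"""Hunt for the persistence and C2 artefacts in the Orcus config above.

Added example, not part of the sandbox report: config values are copied from
the report; the Sysmon-style events are constructed; the Program Files
locations are an assumption (both native and WOW64 expansions are tried).
"""
import json
import re

# Copied from the extracted config in the report.
ORCUS_CONFIG = {
    "c2_host": "6.tcp.eu.ngrok.io",
    "c2_port": 17073,
    "install_path": r"%programfiles%\Orcus\Orcus.exe",
    "registry_keyname": "Orcus3",
    "taskscheduler_taskname": "windows",
    "watchdog_path": r"AppData\OrcusWatchdog.exe",
}

# Assumed expansions of %programfiles% (x86 binary on x64 Windows lands in the (x86) folder).
PROGRAMFILES_DIRS = (r"C:\Program Files", r"C:\Program Files (x86)")


def expand_programfiles(path):
    """Return every plausible expansion of the %programfiles% token, lower-cased."""
    return {path.replace("%programfiles%", d).lower() for d in PROGRAMFILES_DIRS}


def build_rules(cfg):
    """Return (rule_name, sysmon_event_id, predicate(event)) triples derived from the config."""
    installs = expand_programfiles(cfg["install_path"])
    watchdog_suffix = "\\" + cfg["watchdog_path"].lower()
    run_key = re.compile(r"\\CurrentVersion\\Run\\%s$" % re.escape(cfg["registry_keyname"]), re.I)
    schtask = re.compile(
        r'schtasks(\.exe)?\s.*/create\s.*?/tn\s+"?%s"?(?:\s|$)'
        % re.escape(cfg["taskscheduler_taskname"]), re.I)

    def is_c2(e):
        return (e.get("DestinationHostname", "").lower() == cfg["c2_host"]
                and e.get("DestinationPort") == cfg["c2_port"])

    return [
        # Event ID 1: process creation from the configured install or watchdog path.
        ("orcus_install_image", 1, lambda e: e.get("Image", "").lower() in installs),
        ("orcus_watchdog_image", 1, lambda e: e.get("Image", "").lower().endswith(watchdog_suffix)),
        # Event ID 1: schtasks.exe creating the configured task name.
        ("orcus_schtask_create", 1, lambda e: schtask.search(e.get("CommandLine", "")) is not None),
        # Event ID 13: Run-key value named as in registry_keyname.
        ("orcus_run_key", 13, lambda e: run_key.search(e.get("TargetObject", "")) is not None),
        # Event ID 3: outbound connection to the ngrok tunnel endpoint and port.
        ("orcus_c2_connect", 3, is_c2),
    ]


def match_events(events, cfg=ORCUS_CONFIG):
    """Return [(rule_name, RecordId), ...] for every event that trips a rule."""
    rules = build_rules(cfg)
    hits = []
    for ev in events:
        for name, event_id, pred in rules:
            if ev.get("EventID") == event_id and pred(ev):
                hits.append((name, ev.get("RecordId")))
    return hits


# Constructed Sysmon events as JSON lines; RecordId 1 and 7 are benign noise.
SAMPLE_LOG = r'''
{"RecordId": 1, "EventID": 1, "Image": "C:\\Windows\\explorer.exe", "CommandLine": "explorer.exe"}
{"RecordId": 2, "EventID": 1, "Image": "C:\\Program Files\\Orcus\\Orcus.exe", "CommandLine": "\"C:\\Program Files\\Orcus\\Orcus.exe\""}
{"RecordId": 3, "EventID": 13, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Orcus3", "Details": "C:\\Program Files\\Orcus\\Orcus.exe"}
{"RecordId": 4, "EventID": 1, "Image": "C:\\Windows\\System32\\schtasks.exe", "CommandLine": "schtasks /create /tn windows /tr \"C:\\Program Files\\Orcus\\Orcus.exe\" /sc onlogon"}
{"RecordId": 5, "EventID": 1, "Image": "C:\\Users\\alice\\AppData\\OrcusWatchdog.exe", "CommandLine": "OrcusWatchdog.exe"}
{"RecordId": 6, "EventID": 3, "DestinationHostname": "6.tcp.eu.ngrok.io", "DestinationPort": 17073}
{"RecordId": 7, "EventID": 3, "DestinationHostname": "update.example.com", "DestinationPort": 443}
'''.strip().splitlines()

SAMPLE_EVENTS = [json.loads(line) for line in SAMPLE_LOG]

if __name__ == "__main__":
    for name, record in match_events(SAMPLE_EVENTS):
        print(f"{name:<22} RecordId={record}")
```

Two caveats when using this in production. The mutex is not visible in Sysmon events, so it has to be checked by handle enumeration on a live host rather than from logs. The C2 is an ngrok tunnel: 6.tcp.eu.ngrok.io is shared infrastructure and the tunnel hides the operator's real host, so the hostname/port pair identifies this campaign only while the tunnel is up, whereas any connection to *.tcp.*.ngrok.io from an endpoint that has no business using ngrok is itself worth an alert.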

Signatures

  • Orcus RAT Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
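
The "Unsigned PE" signature is a structural check: an Authenticode signature lives in the PE's security data directory (index 4 in the optional header) as a WIN_CERTIFICATE blob, so "missing" simply means that directory is empty. The script below reproduces that check by parsing the headers with struct. It is an added example and not the sandbox's own rule; the two PE images it tests are constructed in memory and are not the analysed sample. Note that presence is all it establishes: a present signature may still be expired, revoked, or self-signed, and that verdict needs a chain validation such as osslsigncode verify or signtool verify.

```python
"""Detect whether a PE carries an embedded Authenticode signature.

Added example, not the sandbox's own rule: pure-Python header parsing of the
security data directory and the WIN_CERTIFICATE header. The PE images built
by build_minimal_pe() are constructed test inputs, not the analysed sample.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002
WIN_CERT_REVISION_2_0 = 0x0200
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data):
    """Return (file_offset, size) of the security directory, or None if absent or malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    if opt + 2 > len(data):
        return None
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+) into the optional header.
    dd_base = {PE32_MAGIC: 96, PE32PLUS_MAGIC: 112}.get(magic)
    if dd_base is None:
        return None
    entry = opt + dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt + size_opt or entry + 8 > len(data):
        return None
    # Unlike other directories, this entry holds a raw file offset, not an RVA.
    off, size = struct.unpack_from("<II", data, entry)
    return (off, size) if off and size else None


def has_authenticode(data):
    """True if the security directory points at a WIN_CERTIFICATE carrying PKCS#7 SignedData.

    Presence only: this does not validate the signature or its certificate chain.
    """
    sec = security_directory(data)
    if sec is None:
        return False
    off, size = sec
    if size < 8 or off + size > len(data):
        return False
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return (cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA
            and revision == WIN_CERT_REVISION_2_0
            and 8 < length <= size)


def build_minimal_pe(signed):
    """Constructed PE32 image: DOS header, PE signature, COFF header, 224-byte optional header, no sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)       # NumberOfRvaAndSizes
    header_len = len(dos) + 4 + len(coff) + opt_size
    cert = b""
    if signed:
        # Placeholder DER bytes standing in for the PKCS#7 SignedData (constructed, not a real signature).
        blob = b"\x30\x82\x01\x00" + b"\0" * 252
        cert = struct.pack("<IHH", 8 + len(blob), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_minimal_pe(False)
    print("Authenticode present" if has_authenticode(target) else "Unsigned PE")
```

Run it with a path argument to check a real file; the output for this sample should be "Unsigned PE", matching the signature above.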

Files

  • 301d88f83f5800294372ff8a4979c5f5202c90932e4d809c806c9fc523d110a9
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
