Overview

overview

10

Static

static

10

1eb18188b9...52.exe

windows7-x64

10

1eb18188b9...52.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1eb18188b930c86dcae46173d53ed3522a96ce170eaef8349f8262ef61abf152

  • Size

    911KB

  • MD5

    cecda25495292b557b44dbd42fe9788b

  • SHA1

    bcb43e82201ace2b9b99d2c2a89c50d50995a094

  • SHA256

    1eb18188b930c86dcae46173d53ed3522a96ce170eaef8349f8262ef61abf152

  • SHA512

    3124b5453642a495e198893ec64784e63e8aad41d2166ce8e88a41dac2da71da77bcf77cd0e89f48e56a8d589fc2c2d228867b678d81ce628c43997d6ed567ac

  • SSDEEP

    24576:Weu4MROxnFl3lsPeCrZlI0AilFEvxHiJB8x:WetMirWrZlI0AilFEvxHif

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

172.94.54.88:1756

Mutex

8049bd2b1643480db911acd1ff56717e

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1eb18188b930c86dcae46173d53ed3522a96ce170eaef8349f8262ef61abf152
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections