General

  • Target

    932cb9ca236e1e8c6740d9db01410778

  • Size

    924KB

  • MD5

    932cb9ca236e1e8c6740d9db01410778

  • SHA1

    91c9efd93a353ba556a8b0acb6ffd8557756ad37

  • SHA256

    1a4284cd084b609aa03892894e379c630505b5e4b9ccfc278138d36668f4526f

  • SHA512

    675e9b5e1aec3c260d80cc4db6acdc1c877692541004ab0db1df245c6dc7c1d5c7742a2026ea7ef9b13f81cc73aa1ff3d98ca90eb9cf097bf04c54df75327f42

  • SSDEEP

    24576:sBB4MROxnFE3WO3XrrcI0AilFEvxHPbooR:sQMiuDXrrcI0AilFEvxHP

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

yes

C2

192.168.56.1:10134

Mutex

1b7ce9defeb04df0a5b7ca29bd8e43e6

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    Temp\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 932cb9ca236e1e8c6740d9db01410778
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744