General

  • Target

    02cb3ad1448449e784cb51f4238da4fe10abe0f9e11642c32399cb2d2972cc4c

  • Size

    1.0MB

  • MD5

    b09d835b1c8bf6c5c24c5c958d8dea82

  • SHA1

    bf4511de1e9e27f76ecd3cefe1a3392b00329ac2

  • SHA256

    02cb3ad1448449e784cb51f4238da4fe10abe0f9e11642c32399cb2d2972cc4c

  • SHA512

    086605f75ff971eda077ee494b8a3dc8edda4cffa6071156638cb3d189a8cc91d1449b8dc8848df6d3a190443eb53af19ca74d55e31c8a20b4cc1feef1d9bcba

  • SSDEEP

    24576:k4I4MROxnFSx3UUDqrrcI0AilFEvxHPfMCYooE4:kaMiYJUUGrrcI0AilFEvxHPfJN

Score
10/10

Malware Config

Extracted

Family

orcus

C2

4.tcp.eu.ngrok.io:14390

Mutex

381f52cc4da947c788fee861bc207f0e

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Steam Helper\Steam.exe

  • reconnect_delay

    10000

  • registry_keyname

    UpdateSystem32

  • taskscheduler_taskname

    Системные прирывания

  • watchdog_path

    Temp\Update Defender.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 02cb3ad1448449e784cb51f4238da4fe10abe0f9e11642c32399cb2d2972cc4c
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744