General

  • Target

    9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16

  • Size

    1.1MB

  • MD5

    f6ccd7d54c0d360846211977110a7c20

  • SHA1

    be26eb65426c1ac5a4b45d6493cc3c810f6a2419

  • SHA256

    9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16

  • SHA512

    8c208674cbb6947db7f67150382124d0665d9fbb3ae0770fce88bbfa8ccb160cdb68e56a0d7416d60b242354524cbd05a8ccbc83a87adb75e9bd60845f5ad190

  • SSDEEP

    24576:FD9O4MROxnFE30dc1RurZlI0AilFEvxHi6G:FhNMiuHburZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

Family

orcus

C2

6.tcp.eu.ngrok.io:12457

Mutex

bff5c852ae7b4868a2aa18ea8de24aa3

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\svchost\svchost.exe

  • reconnect_delay

    10000

  • registry_keyname

    asaas

  • taskscheduler_taskname

    svchost.exe

  • watchdog_path

    AppData\svchost.exe
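
The attributes above give a SOC analyst enough to hunt for this sample on other hosts: a scheduled task literally named svchost.exe whose action is a copy of svchost.exe under %programfiles% (the real binary lives only in %SystemRoot%\System32 or SysWOW64), a second copy under AppData acting as watchdog, a named mutex, and a C2 reached through an ngrok TCP tunnel rather than a fixed IP. The script below is an added example written for this page, not code from the sandbox report or from Orcus, and it checks exactly those indicators against host telemetry. It assumes telemetry is already collected into plain Python lists (scheduled tasks as name/action dicts, process image paths, remote endpoints as host:port, mutex names) and takes the %programfiles% value from a supplied mapping so it runs on any OS; the sample telemetry is constructed. It generalises one step beyond the config by matching any ngrok TCP tunnel hostname, not only 6.tcp.eu.ngrok.io.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the extracted Orcus config above.
ORCUS_C2 = "6.tcp.eu.ngrok.io:12457"
ORCUS_MUTEX = "bff5c852ae7b4868a2aa18ea8de24aa3"
ORCUS_TASK_NAME = "svchost.exe"
ORCUS_INSTALL_PATH = r"%programfiles%\svchost\svchost.exe"

# Any ngrok TCP tunnel endpoint: "<n>.tcp.<region>.ngrok.io"; older tunnels
# have no region label, hence the optional group.
NGROK_TCP_HOST = re.compile(r"^\d+\.tcp(?:\.[a-z]+)?\.ngrok\.io$", re.IGNORECASE)

# Directories where a genuine svchost.exe lives (assumes a standard %SystemRoot%).
LEGIT_SVCHOST_DIRS = (r"\windows\system32", r"\windows\syswow64")


def expand_windows_env(path, env):
    """Expand %VAR% tokens from the supplied mapping (not os.environ), so the
    check can run on a Linux analysis box against Windows telemetry."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)


def is_masquerading_svchost(image_path):
    """True when a file named svchost.exe sits outside System32/SysWOW64."""
    p = PureWindowsPath(image_path)
    if p.name.lower() != "svchost.exe":
        return False
    parent = str(p.parent).lower()
    return not any(parent.endswith(d) for d in LEGIT_SVCHOST_DIRS)


def hunt_orcus(scheduled_tasks, processes, connections, mutexes, env):
    """Return (kind, detail) findings for every indicator that matches."""
    findings = []
    install = expand_windows_env(ORCUS_INSTALL_PATH, env).lower()

    # autostart_method=TaskScheduler, taskscheduler_taskname=svchost.exe
    for task in scheduled_tasks:
        action = task["action"]
        if (task["name"].lower() == ORCUS_TASK_NAME
                or action.lower() == install
                or is_masquerading_svchost(action)):
            findings.append(("scheduled_task", f'{task["name"]} -> {action}'))

    # install_path and watchdog_path are both svchost.exe copies outside System32
    for image in processes:
        if is_masquerading_svchost(image):
            findings.append(("process", image))

    # C2 over an ngrok TCP tunnel
    for conn in connections:
        host = conn.rpartition(":")[0]
        if conn.lower() == ORCUS_C2 or NGROK_TCP_HOST.match(host):
            findings.append(("ngrok_tcp_c2", conn))

    # Mutex from the config
    for name in mutexes:
        if name.lower() == ORCUS_MUTEX:
            findings.append(("mutex", name))

    return findings


# Constructed sample telemetry: one benign and one Orcus-like entry per source.
SAMPLE_ENV = {"programfiles": r"C:\Program Files"}
SAMPLE_TASKS = [
    {"name": "MicrosoftEdgeUpdateTaskMachineCore",
     "action": r"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"},
    {"name": "svchost.exe", "action": r"C:\Program Files\svchost\svchost.exe"},
]
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\svchost.exe",        # legitimate
    r"C:\Users\alice\AppData\svchost.exe",     # watchdog copy
]
SAMPLE_CONNECTIONS = ["www.bing.com:443", "6.tcp.eu.ngrok.io:12457"]
SAMPLE_MUTEXES = [r"Local\ConstructedBenignMutex", "bff5c852ae7b4868a2aa18ea8de24aa3"]

if __name__ == "__main__":
    for kind, detail in hunt_orcus(SAMPLE_TASKS, SAMPLE_PROCESSES,
                                   SAMPLE_CONNECTIONS, SAMPLE_MUTEXES, SAMPLE_ENV):
        print(f"{kind}: {detail}")
```

The svchost.exe path check is the durable part: the mutex and the specific ngrok hostname change per build, but a scheduled task or running process whose image is svchost.exe outside System32/SysWOW64 is wrong on any Windows host, so it is worth keeping as a standing detection even after this sample's C2 is gone.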

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 9f0112d3238fea7397c5641f9e4bda829257030638d12e6c7568f79988e8cc16
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

