General
-
Target
58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5
-
Size
905KB
-
Sample
240209-bd7wdsfc25
-
MD5
6b7766d0c0759dd92ee68643e76d711c
-
SHA1
096fc8582d58e3652b2079687486c2bc17da275f
-
SHA256
58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5
-
SHA512
8232afa19eb3994db1210ce53142c610857b6664c3d45a342463f85d4674d7b32f81bde621c49208aed77bd06a8d01fa16c75169a269448826d122dfdd5419fb
-
SSDEEP
24576:EW64MROxnFj3zBukhrrcI0AilFEvxHP/oo0:EKMi1cqrrcI0AilFEvxHP
Behavioral task
behavioral1
Sample
58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5.exe
Resource
win7-20231215-en
Malware Config
Extracted
orcus
obfuscated.us:8080
41fdffd0276c4314a5a934c62fb1022f
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%programfiles%\System\System
-
reconnect_delay
10000
-
registry_keyname
System32
-
taskscheduler_taskname
System32
-
watchdog_path
AppData\System.exe
Targets
-
-
Target
58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5
-
Size
905KB
-
MD5
6b7766d0c0759dd92ee68643e76d711c
-
SHA1
096fc8582d58e3652b2079687486c2bc17da275f
-
SHA256
58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5
-
SHA512
8232afa19eb3994db1210ce53142c610857b6664c3d45a342463f85d4674d7b32f81bde621c49208aed77bd06a8d01fa16c75169a269448826d122dfdd5419fb
-
SSDEEP
24576:EW64MROxnFj3zBukhrrcI0AilFEvxHP/oo0:EKMi1cqrrcI0AilFEvxHP
-
Orcus main payload
-
Orcurs Rat Executable [sic: signature title as emitted; denotes an Orcus RAT executable]
-