General
-
Target
89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf
-
Size
903KB
-
Sample
240210-brtkxsfe5z
-
MD5
2f5e6a06a9e35a76e8b2ac654d64d19e
-
SHA1
56b5d806785a1103f7af07a6c7a9c9d5f9ba39fc
-
SHA256
89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf
-
SHA512
9df800b69870f5b5e0578e4a834c4c0b512d328ca85f626b4e213fcaaf11bb96f784222aca10b78e2e192f7294e14e19c3cff639db9cd52ebf3f9fcad63df9b6
-
SSDEEP
12288:X0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCCI1e05SekqAepbQUR7dG1lFlWH:HAw4MROxnFXHrrcI0AilFEvxHPfIood
Behavioral task
behavioral1
Sample
89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf.exe
Resource
win7-20231129-en
Malware Config
Extracted
orcus
AS-SYIFA
192.168.35.215:4806
e1a3bb1e3a5d4601aa0f744b003033ee
-
autostart_method
Disable
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
Orcurs Rat Executable