General

  • Target

    75adc1b60a73e4006a31f578792521dcf9b6f3f6febb46a473cb671b12c2e99a

  • Size

    903KB

  • Sample

    240211-bmntwaah31

  • MD5

    45faff149e3392d2701bb2b4c943fa1e

  • SHA1

    e8ccf6e4c0dea19bea2c51e7a4bedfcfc2b4555b

  • SHA256

    75adc1b60a73e4006a31f578792521dcf9b6f3f6febb46a473cb671b12c2e99a

  • SHA512

    b4268d4bc98bab3a518bd66ab6813a251dc91b24f5a71dcd45afb29f105b39fb2c296fc931f3dc963bb978745dfb0c68226aa490ef356a0304dd69a15f2c2632

  • SSDEEP

    12288:8TUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvB7:yqI4MROxnFMLqrZlI0AilFEvxHiKlB

Score
10/10

Malware Config

Extracted

Family

orcus

C2

femboy.serveminecraft.net:4444

Mutex

1aabc735455a4ed98c426e4eefa7a07f

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    Score
    6/10
    • Drops desktop.ini file(s)
