General
-
Target
34355b3d89ac60f47fed9cd47d54f3e16affc3ee14a2f0c8b9ab5b36869fec0d
-
Size
910KB
-
MD5
7e7d364eec2e5415407d5cb278359b1b
-
SHA1
613ca7a56c928b4f1e95a135e7da5998af728e8b
-
SHA256
34355b3d89ac60f47fed9cd47d54f3e16affc3ee14a2f0c8b9ab5b36869fec0d
-
SHA512
fd32d1184f2ee4f537a2cef99f1b12eafd18360c8d9b5bb85c268bb6bf80d780568f90153f002bfc35375fe43c2bc16606f22d096bdc57b26dd42d2950c6b4d7
-
SSDEEP
12288:WRzyAHWSkJ6ZBy37dG1lFlWcYT70pxnnaaoawxSIh4BBpGfrZNrI0AilFEvxHvBZ:Bk84MROxnFw/iWrZlI0AilFEvxHiSAa
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
sedefd
C2
172.29.128.1:10134
Mutex
5c986bf1adbe4828a0ecff40fd90be14
Attributes
-
autostart_method
Disable
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
34355b3d89ac60f47fed9cd47d54f3e16affc3ee14a2f0c8b9ab5b36869fec0d
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections