Overview

overview

10

Static

static

10

e20b67a9df...14.exe

windows7-x64

10

e20b67a9df...14.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    e20b67a9dffdc09f9a77a9859a8fd5c8ae37afb556da53c83ff17bd823756514

  • Size

    903KB

  • MD5

    3c28f4ff180a9be27104ba71508bb16f

  • SHA1

    cd25285f0201cd7ce7ec1a5e3ef834f90e30d9dc

  • SHA256

    e20b67a9dffdc09f9a77a9859a8fd5c8ae37afb556da53c83ff17bd823756514

  • SHA512

    f840696670e2f2b41669a1dbf932dc85cb90a45ebfbc17dae2e7aeedfe5a6109fbd9e3651cbf61c8316d5766b36f9f2ea4ebbeb20c26e1291858a2f3a1c3fa3d

  • SSDEEP

    12288:c0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6W7BaepBwzo7dG1lFlWh:xam4MROxnF4OVrrcI0AilFEvxHP2ooh

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

192.168.244.153:10134

Mutex

498924e5cb1c47f2abfc3edb97747fb4

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • e20b67a9dffdc09f9a77a9859a8fd5c8ae37afb556da53c83ff17bd823756514
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections