General
-
Target
8b2ca1a1879fe9669b1fccc9fbb251726eec1ea7778a54caae9fa5fea174e5d5
-
Size
903KB
-
MD5
e5a4b747d15e4c512c491ad36eae1f04
-
SHA1
d834c934b7faec5c2b85087f42e46dc14a2f210a
-
SHA256
8b2ca1a1879fe9669b1fccc9fbb251726eec1ea7778a54caae9fa5fea174e5d5
-
SHA512
7f1c9bcf66f04090e6bc6af2a12c99c2c1a61208a9728eb686e58d6380bdfd7316dda7ac81f7e29f93ff0ea152b58685f9fcd5ba124d54662788747f09969024
-
SSDEEP
12288:d0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCJnlOEJCOce3B/epR8wQD7dG1lc:/VWC4MROxnFwHrrcI0AilFEvxHP9ooN
Score
10/10
Malware Config
Extracted
Family
orcus
C2
31.220.90.137:10134
Mutex
da6205b9b8894880b8bec0cf54d3043c
Attributes
-
autostart_method
Registry
-
enable_keylogger
false
-
install_path
%temp%\Microsoft\Desktop Window Manager.exe
-
reconnect_delay
10000
-
registry_keyname
SecurityHealthSystray
-
taskscheduler_taskname
Update
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
8b2ca1a1879fe9669b1fccc9fbb251726eec1ea7778a54caae9fa5fea174e5d5
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections