Overview

overview

10

Static

static

10

6674e2ead3...a8.exe

windows7-x64

10

6674e2ead3...a8.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    6674e2ead304c41d38effe65cec119e7c9a78384cf1116fe75d125635b1b84a8

  • Size

    3.0MB

  • MD5

    49ba53d64a6d5616c46c5553384a7468

  • SHA1

    2e8f7f9dae0e3b26f32e0efd531e9013b190b526

  • SHA256

    6674e2ead304c41d38effe65cec119e7c9a78384cf1116fe75d125635b1b84a8

  • SHA512

    6661afb1a406807b827a4981dc4e64400722cdabdac78e69c69e21a32b8174c59a6229c2de8302f0506f0c3e4862440387e6c86a7f54393b2ec9df5a9c1c2d88

  • SSDEEP

    49152:jKHEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmMUrrzl:j6tODUKTslWp2MpbfGGilIJPypSbxEor

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

194.33.87.67:7707

Mutex

4a1a70b8d5d94664a8633a424a158904

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\svchost.exe

  • reconnect_delay

    10000

  • registry_keyname

    svchost

  • taskscheduler_taskname

    svchost

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 6674e2ead304c41d38effe65cec119e7c9a78384cf1116fe75d125635b1b84a8
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections