General

  • Target

    5bbb532d2d23b0abd1b3240152b7f9c9ac3a4d5ae253b7ae2274846dd3bb666d

  • Size

    3.0MB

  • MD5

    7dd07f373d4bc47347cd0743618cac7f

  • SHA1

    074c87b3fc109ca9f180358851f7c211892dd3c3

  • SHA256

    5bbb532d2d23b0abd1b3240152b7f9c9ac3a4d5ae253b7ae2274846dd3bb666d

  • SHA512

    30061a0d440ba2a76ea505fd7f50f5855f0066285561d40032b6d5519e533822e1a286984b0c1a89e48301808712531dadaa3546134f23b81280fe50d505ec5f

  • SSDEEP

    49152:mM0AonuvKFmwLGZeM9/dFQMDjjzKCkElU+fPONM6WAypQxb1o9JnCmwBBWncFfLf:VNCFmwLvEeMDjnpHfP56xypSb1o9JCm

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

Retard

C2

80.85.140.103:10134

Mutex

ed7c1a835a9e49369718a92d23138588

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\$CUM_sv\$CUM_svhost.exe

  • reconnect_delay

    10000

  • registry_keyname

    $CUM_svkey

  • taskscheduler_taskname

    $CUM_svtask

  • watchdog_path

    AppData\$CUM_svchostwatch.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5bbb532d2d23b0abd1b3240152b7f9c9ac3a4d5ae253b7ae2274846dd3bb666d
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
