Analysis
-
max time kernel
143s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
10-03-2024 02:04
General
-
Target
48b056045850eae418d1f7cb38bafdc25e7360c91b1c969516a0bfe79bef3fb6.exe
-
Size
992KB
-
MD5
20f50c1bbbacedd57628abb629b7432f
-
SHA1
56115918c013a7896623e629c838be623369fb2e
-
SHA256
48b056045850eae418d1f7cb38bafdc25e7360c91b1c969516a0bfe79bef3fb6
-
SHA512
b0c127715f3af78b8f1abb15207a043e25ad1c779568bda2330ebcea01b9b940c52513e909141ca21bca50ac0c30975771239af99183d394d9759d54e0692efb
-
SSDEEP
24576:qT0l/vj1YY16la0Ufc47i51a2ZUKiikPaoZJirFT:m0lnZn0UTG3FKKtkPRJgT
Score
10/10
Malware Config
Extracted
Family
orcus
C2
45.204.82.103:6606
Mutex
c137f83daf6641cd8f12b4695c8f209e
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcurs Rat Executable 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\48b056045850eae418d1f7cb38bafdc25e7360c91b1c969516a0bfe79bef3fb6.exe"C:\Users\Admin\AppData\Local\Temp\48b056045850eae418d1f7cb38bafdc25e7360c91b1c969516a0bfe79bef3fb6.exe"1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1000KB
-
Filesize
9.9MB
-
Filesize
9.9MB
-
Filesize
1.7MB
-
Filesize
928KB
-
Filesize
512KB
-
Filesize
368KB
-
Filesize
56KB
-
Filesize
72KB
-
Filesize
96KB
-
Filesize
64KB
-
Filesize
1.7MB
-
Filesize
512KB