General

  • Target

    d7081dc3a2bc02eff25d14498894f4cd20a2e5d038982260db33cecdad9ae298

  • Size

    1024KB

  • MD5

    7f43775bbea4255378b7954db32eeaf0

  • SHA1

    99181d2d28c9b2edd228767ad5189471e3ffeb1c

  • SHA256

    d7081dc3a2bc02eff25d14498894f4cd20a2e5d038982260db33cecdad9ae298

  • SHA512

    f30bb3119586d52dcd7090c1a9bfa36d7b0a8c9eedf9b327021f982ba420fc85f56c493436c5331f214c6e29bfd9fc7d36f5d383ba9c6851c0fd06b12f164363

  • SSDEEP

    24576:KDg4MROxnFl3BsPeMrZlI0AilFEvxHi1Ez:KDDMirUrZlI0AilFEvxHi1

Score
10/10

Malware Config

Extracted

Family

orcus

C2

asd1ad2.duckdns.org:10132

Mutex

3c9c048e435b42f19a02232a2570301a

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    c:\INTEL\INTEL.exe

  • reconnect_delay

    10000

  • registry_keyname

    AUDIO

  • taskscheduler_taskname

    VIDEO

  • watchdog_path

    AppData\win10.exe
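The configuration values above are usable directly as host indicators: the Run key value name, the scheduled task name, the install and watchdog paths, the mutex and the C2 endpoint. The script below turns them into hunt rules and runs them over telemetry. It is an added example, not part of this sandbox report and not Orcus tooling; the `key="value"` event format and every event line are constructed for illustration, and the watchdog entry `AppData\win10.exe` is interpreted as a file under the user's AppData tree, which is an assumption.

```python
import re

# Indicators taken from the extracted Orcus configuration above.
ORCUS_CONFIG = {
    "c2_host": "asd1ad2.duckdns.org",
    "c2_port": 10132,
    "mutex": "3c9c048e435b42f19a02232a2570301a",
    "install_path": r"c:\INTEL\INTEL.exe",
    "registry_keyname": "AUDIO",
    "taskscheduler_taskname": "VIDEO",
    "watchdog_path": r"AppData\win10.exe",
}

# Constructed telemetry in a hypothetical key="value" EDR export format
# (assumption: field names are not those of any real product).
SAMPLE_EVENTS = [
    r'type=process_create image="C:\Users\bob\Downloads\invoice.exe" cmdline="invoice.exe"',
    r'type=file_create path="c:\INTEL\INTEL.exe"',
    r'type=registry_set key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" name="AUDIO" data="c:\INTEL\INTEL.exe"',
    r'type=task_create name="VIDEO" action="c:\INTEL\INTEL.exe"',
    r'type=file_create path="C:\Users\bob\AppData\Roaming\win10.exe"',
    r'type=mutex_create name="3c9c048e435b42f19a02232a2570301a"',
    r'type=dns_query name="asd1ad2.duckdns.org"',
    r'type=net_connect dst="203.0.113.10" port="10132" domain="asd1ad2.duckdns.org"',
    r'type=registry_set key="HKCU\Software\Microsoft\Windows\CurrentVersion\Run" name="OneDrive" data="C:\Program Files\OneDrive.exe"',
]

# key=value or key="value with spaces"; group 3 is the quoted form, group 4 the bare form.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one event line into a dict of field -> string value."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD_RE.finditer(line)}


def _same_path(path, wanted):
    """Case-insensitive suffix match, so a path logged with a drive letter still hits."""
    return path.lower().endswith(wanted.lower())


def _under_appdata(path, rel):
    """The config gives the watchdog as a relative 'AppData\\win10.exe'; treat that as
    the file name anywhere under the user's AppData tree (assumption)."""
    p = path.lower().replace("/", "\\")
    return "\\appdata\\" in p and p.split("\\")[-1] == rel.lower().split("\\")[-1]


def match_event(ev, cfg=ORCUS_CONFIG):
    """Return the names of the config-derived rules that this one event triggers."""
    hits = []
    t = ev.get("type", "")
    if t == "registry_set" and ev.get("key", "").lower().endswith(r"\currentversion\run"):
        # autostart_method=Registry: Run value named AUDIO, or any Run value pointing at the install path
        if ev.get("name") == cfg["registry_keyname"] or _same_path(ev.get("data", ""), cfg["install_path"]):
            hits.append("orcus_run_key_autostart")
    if t == "task_create" and ev.get("name") == cfg["taskscheduler_taskname"]:
        hits.append("orcus_scheduled_task")
    if t == "file_create":
        path = ev.get("path", "")
        if _same_path(path, cfg["install_path"]):
            hits.append("orcus_install_path")
        if _under_appdata(path, cfg["watchdog_path"]):
            hits.append("orcus_watchdog_drop")
    if t == "mutex_create" and ev.get("name") == cfg["mutex"]:
        hits.append("orcus_mutex")
    if t in ("dns_query", "net_connect"):
        host = (ev.get("name") or ev.get("domain") or "").lower()
        if host == cfg["c2_host"]:
            hits.append("orcus_c2_domain")
            if t == "net_connect" and ev.get("port") == str(cfg["c2_port"]):
                hits.append("orcus_c2_connect")
    return hits


def hunt(lines, cfg=ORCUS_CONFIG):
    """Run every line through the rules; return [(line_index, [rule names])] for lines that hit."""
    findings = []
    for i, line in enumerate(lines):
        hits = match_event(parse_event(line), cfg)
        if hits:
            findings.append((i, hits))
    return findings


if __name__ == "__main__":
    for idx, rules in hunt(SAMPLE_EVENTS):
        print(idx, rules, SAMPLE_EVENTS[idx])
```

The value names AUDIO and VIDEO, the install path, the mutex and the duckdns host are all per-build settings of this sample, so these rules are indicators for this configuration rather than a family-wide detection; the Run-key rule also matches on the install path in the value data so that a rename of the value alone does not evade it.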

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d7081dc3a2bc02eff25d14498894f4cd20a2e5d038982260db33cecdad9ae298
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

