General
-
Target
1369f4d3d66b1ce333279f9e54a4f47361c0c5ae66399c2fb22acc0829995c85
-
Size
915KB
-
MD5
48d3087891a7bc2cf1549e6c6569cd4a
-
SHA1
caee2e268f2d77c3f6e030f2aa64af7f4891169a
-
SHA256
1369f4d3d66b1ce333279f9e54a4f47361c0c5ae66399c2fb22acc0829995c85
-
SHA512
87513e30de1856d5a0bcd6376c7d3f96e6ea876dd60db01d98c0b3e06a1880b89b0116f0c8875d820210e918d62d0692d4d2ef0b6793a9773e60fe572e3beab8
-
SSDEEP
24576:/Eqr4MROxnFi3PrkrZlI0AilFEvxHiLb:/EjMioPgrZlI0AilFEvxHi
Score
10/10
Malware Config
Extracted
Family
orcus
C2
192.168.159.129:1234
Mutex
6dc365e35f5642b78f2dbc10bb76c825
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1369f4d3d66b1ce333279f9e54a4f47361c0c5ae66399c2fb22acc0829995c85
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections