General
-
Target
3bd353d01e2b09b9946252019f590ec2ccc796595643abbd872c8a80af3ad865
-
Size
901KB
-
MD5
f4c374a8073d702d0e07e5c1e0ddd4f3
-
SHA1
65f8e44e1c1ab3e76e8779d8aea74d9799ce51af
-
SHA256
3bd353d01e2b09b9946252019f590ec2ccc796595643abbd872c8a80af3ad865
-
SHA512
91083c9160d1a2d827a697c7d57264785a58165506ffa901ae0e0dcc1a608941a9e6af843c3b9e6e2ec78f0b062eb944fdc3b75ac819169f5d60c284eaaab273
-
SSDEEP
12288:i0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCi4cbd43b76kepA+v17dG1lFlWE:rk84MROxnFbHrrcI0AilFEvxHPeooY
Score
10/10
Malware Config
Extracted
Family
orcus
C2
127.0.0.1:5050
Mutex
8850492e8ae843c6b2e6d32afecf32bd
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
3bd353d01e2b09b9946252019f590ec2ccc796595643abbd872c8a80af3ad865
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections