General

  • Target

    4ad4bd9051e19c3162bc66607ed93c36f806956f28d670a97c79fdba5a7cd2b5

  • Size

    914KB

  • MD5

    01ed97f5bc54257ac6e498ce01130d58

  • SHA1

    e56d2c96cec54ef14224ba12c0da975ff339ae31

  • SHA256

    4ad4bd9051e19c3162bc66607ed93c36f806956f28d670a97c79fdba5a7cd2b5

  • SHA512

    4da6c329b4455299a9b450ad2734f7adb2237b527391449ef2b6c963105e024bd32914325056c50237b2ce7a613fefac29fd75e8e4571a0aba854b4fa513df9c

  • SSDEEP

    12288:AoHWszy2LkjKgEX0pq5g7dG1lFlWcYT70pxnnaaoawBm7cfpCt6IV64RrZNrI0Au:yeu4MROxnFYCrZlI0AilFEvxHiNlZ

Score
10/10

Malware Config

Extracted

  • Family

    orcus

  • C2

    raiday.ml:7936

  • Mutex

    8f9ad032680b48e4921e3dead6b0b2ce

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %appdata%\Java\javaUpdate.exe

  • reconnect_delay

    10000

  • registry_keyname

    JavaUpate

  • taskscheduler_taskname

    JavaUpate

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4ad4bd9051e19c3162bc66607ed93c36f806956f28d670a97c79fdba5a7cd2b5
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744