General

  • Target

    7c51e504a6379030d767d1ee2a9eaf377a14522582158ee0aa61457668e3dd88

  • Size

    910KB

  • MD5

    3296a08107a5983e53f82d08f9d86009

  • SHA1

    c64102c98aad244674d18e23b703998517b9cc2d

  • SHA256

    7c51e504a6379030d767d1ee2a9eaf377a14522582158ee0aa61457668e3dd88

  • SHA512

    10c9bc956d103f342b6837c7dfe5ef9ad43253bf459d15eb12d97c84a7d91ca9ad4254ecdb7fe97a5da905f908829483a0bf956f4d1cde63dcaeaeaea4322f58

  • SSDEEP

    12288:N5STYf+qnR7Fkxh7dG1lFlWcYT70pxnnaaoawASIh4JWVGYrZNrI0AilFEvxHvB:Thg4MROxnFp/iJwrZlI0AilFEvxHi53

Score
10/10

Malware Config

Extracted

Family

orcus

C2

5.42.92.89:10134

Mutex

b9772ed594584849bdec293a1008bc17

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 7c51e504a6379030d767d1ee2a9eaf377a14522582158ee0aa61457668e3dd88
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
