General

  • Target

    a0f4041aee9c0195618c9a4ce20f4e68b4902fba611888287df70ae6134b57e9

  • Size

    914KB

  • MD5

    b9f085290297f38b044db9972812c826

  • SHA1

    496f122b6be87a63b68368ad4cbcad814c342672

  • SHA256

    a0f4041aee9c0195618c9a4ce20f4e68b4902fba611888287df70ae6134b57e9

  • SHA512

    f818d1cc3627e32bf30ee1a2ee6800ba858eaa08a3b5a37e9e7ac4fde545c0c1d71ff062ac9da4392ec53053521f4c336a36e6bb2e925d89e0211197f591cf01

  • SSDEEP

    24576:IDg4MROxnFR3VTnhrZlI0AilFEvxHiD0:IDDMij/rZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

Family

orcus

C2

127.0.0.1:10134

Mutex

e86fb9de8bd84a349c8c22746e22a3a3

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\DataStorage\DataStddforage.exe

  • reconnect_delay

    10000

  • registry_keyname

    DatfghdfaStorages

  • taskscheduler_taskname

    DataStdfhorage

  • watchdog_path

    AppData\DataStoragdse.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a0f4041aee9c0195618c9a4ce20f4e68b4902fba611888287df70ae6134b57e9
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
