Overview

overview

10

Static

static

10

43bb7f5aab...56.exe

windows7-x64

10

43bb7f5aab...56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43bb7f5aabd3203c6fa4f65ed37c3d2d4a9ac7138439f1fdebdf3f73c3275456

  • Size

    934KB

  • MD5

    b4f9da6bb3d285ca5434e46cdf810f9a

  • SHA1

    1ce3fa7613d043cabf11ef720a2eaaf44bec515f

  • SHA256

    43bb7f5aabd3203c6fa4f65ed37c3d2d4a9ac7138439f1fdebdf3f73c3275456

  • SHA512

    44a91e305230853b20a40af4c3635e1a84b6862759f511be24b9102eb549179bcfd7c5656cfa22e7dd602f8f9ebdf754638c0f2fd1ca99e067841d78ac3abc1e

  • SSDEEP

    12288:v0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCcy782OV5ivMprmStz07dG1lFlL:3SO4MROxnFBLrrcI0AilFEvxHjVQ4Z

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

s7vety-47274.portmap.host:47274

Mutex

9b66c2abf6a74042aa75c51f01b5b0dc

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %temp%\Windows Updater\updateclient.exe

  • reconnect_delay

    10000

  • registry_keyname

    WindowsUpdater

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 43bb7f5aabd3203c6fa4f65ed37c3d2d4a9ac7138439f1fdebdf3f73c3275456
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections