Overview

overview

10

Static

static

10

a2f907c266...c1.exe

windows7-x64

10

a2f907c266...c1.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    a2f907c266545a94eae6e4280db8663c181859488ff401865d424938100ba1c1

  • Size

    914KB

  • MD5

    a68ab18039efa77c4735732a21aa8976

  • SHA1

    c699ba16e5a72df3cf849c6c3d17e2ee1500dae8

  • SHA256

    a2f907c266545a94eae6e4280db8663c181859488ff401865d424938100ba1c1

  • SHA512

    d179f5419ba7fe5f40c23682abceef6e45173dc63ff701d98e992ee8690744b812baff41aa091079913388b6671a04ea2de507c4bc49dc24d526ca49f305c43b

  • SSDEEP

    24576:E6A4MROxnFR3aTnYrZlI0AilFEvxHiOv:E6jMij3rZlI0AilFEvxHi

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

178.20.45.159:7777

Mutex

ae93da0c80cb4317b841222aa09ba08b

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %temp%\Discord\Discord.exe

  • reconnect_delay

    10000

  • registry_keyname

    Discord

  • taskscheduler_taskname

    Discord

  • watchdog_path

    Temp\Discord.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a2f907c266545a94eae6e4280db8663c181859488ff401865d424938100ba1c1
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections