General
-
Target
1b19c6662d0ccd72f6b8abca39b6e6abfcd3d4ad874042247deec002eda7f421
-
Size
912KB
-
MD5
ed773203c47d0ab65d0a6bafd4f56f0c
-
SHA1
11578290084ce2bc4377948ec626cdd119176bbb
-
SHA256
1b19c6662d0ccd72f6b8abca39b6e6abfcd3d4ad874042247deec002eda7f421
-
SHA512
cb1338dade558a387a4b2a0de06bf93c90b163dae32f629be64e175157b06f0f4800d0f6f056f2ac9fb4aa688fd9d80a6aecf006359c7f1fbc2a887d5657417f
-
SSDEEP
24576:nam4MROxnFrFPurerrcI0AilFEvxHPWoop:nOMiMerrcI0AilFEvxHP
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
client
C2
192.168.1.174:10134
Mutex
e254cea4a76c43ebb69ab45ba95a4fa5
Attributes
-
autostart_method
Disable
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
1b19c6662d0ccd72f6b8abca39b6e6abfcd3d4ad874042247deec002eda7f421
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections