General
Target: 39628f6572e6bf8683a71f66014933a5_JaffaCakes118
Size: 2.6MB
Sample: 240512-lcf2dshf3x
MD5: 39628f6572e6bf8683a71f66014933a5
SHA1: b4641f32159cb0de61e077566e027707b8429569
SHA256: 046fa33ef56688e34c5aa9dbaf8b673cbec5fbc2712196674403dfafd9f700ef
SHA512: 56c30c2f86d7b08aae9bd96e93e7305a2c26b90749fd7110315ff86370a2dd0f3352be1b2b1e715d6cbdb6d9364016dacdbcf9b1d18b7c5ce523d2dfa3b34e70
SSDEEP: 24576:I4KxV8f6044+c12Ny3tMDI0l+GjMZijmcpjjjjQnOjWLghlKh6w34kcCSC9Bzv85:6E9euqNScU+vPtSRotkDWef/Dbyp
Static task: static1
Behavioral task: behavioral1
  Sample: 39628f6572e6bf8683a71f66014933a5_JaffaCakes118.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 39628f6572e6bf8683a71f66014933a5_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
Malware Config
Extracted: orcus
192.168.1.135:2410
7fa2f818413f42a2990b40d91a249534
autostart_method: Disable
enable_keylogger: true
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
Targets
Target: 39628f6572e6bf8683a71f66014933a5_JaffaCakes118
Score: 10/10
- Orcurs Rat Executable
- Adds Run key to start application
- Suspicious use of SetThreadContext