General
Target: 4c073cd92c5a4c3b6bd40fb55423ad0b_JaffaCakes118
Size: 1.9MB
Sample: 240516-t3e6sadd91
MD5: 4c073cd92c5a4c3b6bd40fb55423ad0b
SHA1: a3b16db9197db98e2a3344feff379efdb74dbbfe
SHA256: 0242ec15a75e7567186f9b6936caee53a9a7c24d5b3302d541d44790ac716693
SHA512: 2c6a63206fb44ba2a9445284427dd154a6682769c17765f4843d33362a168028f7870b793b6beea8a45d4330209284da425e36c025f49a396dda130aa8ff9590
SSDEEP: 24576:NedrDOQzXK0st3/7UxN/jm90TtfM8I7P7gM9gcQ4PcHg/BG12+A9pNj5zb:NeJn6T/7Uzu0T9M77zg22aG12x/j5P
Static task: static1

Behavioral task: behavioral1
  Sample: 4c073cd92c5a4c3b6bd40fb55423ad0b_JaffaCakes118.exe
  Resource: win7-20240221-en

Behavioral task: behavioral2
  Sample: 4c073cd92c5a4c3b6bd40fb55423ad0b_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
Malware Config
Extracted: orcus
  127.0.0.1:10134
  1169c1ec32264ab791bcec659a351540
  autostart_method: Disable
  enable_keylogger: true
  install_path: %programfiles%\Orcus\Orcus.exe
  reconnect_delay: 10000
  registry_keyname: Orcus
  taskscheduler_taskname: Orcus
  watchdog_path: AppData\OrcusWatchdog.exe
Targets
Target: 4c073cd92c5a4c3b6bd40fb55423ad0b_JaffaCakes118
Size: 1.9MB
MD5: 4c073cd92c5a4c3b6bd40fb55423ad0b
SHA1: a3b16db9197db98e2a3344feff379efdb74dbbfe
SHA256: 0242ec15a75e7567186f9b6936caee53a9a7c24d5b3302d541d44790ac716693
SHA512: 2c6a63206fb44ba2a9445284427dd154a6682769c17765f4843d33362a168028f7870b793b6beea8a45d4330209284da425e36c025f49a396dda130aa8ff9590
SSDEEP: 24576:NedrDOQzXK0st3/7UxN/jm90TtfM8I7P7gM9gcQ4PcHg/BG12+A9pNj5zb:NeJn6T/7Uzu0T9M77zg22aG12x/j5P
Score: 10/10

Signatures:
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext