General

  • Target: 8a84df75a293de90b0afab38e0cdd128741bd974e4721d758b6a313466c2360e
  • Size: 893KB
  • MD5: 94aaf96130087168fd841b7d1b6d1033
  • SHA1: 075a59258f1b501b2f44e800a16f676b368fb30d
  • SHA256: 8a84df75a293de90b0afab38e0cdd128741bd974e4721d758b6a313466c2360e
  • SHA512: 31d614b2e1fb50289b9ac7e283422b7700c9875606d8d6fbe870f46e5627f7cca9a37b30084158fd39ed10a00ffff549b1e0d96619c414ea11d9b53f4e6fbd5e
  • SSDEEP: 12288:1NmZ8wcD2K5hxdG1lFlWcYr70RxnnaaoaMx9C6VJudQBznRFfhIKw7I/i2JFRw:1gawcR4Mp+xnFyvy+nRFfhIK8I/i2JU

Score: 10/10

Malware Config

Extracted

Family: orcus

C2: 93.157.168.72:27667

Mutex: b3f6c529cb2c49bea14b8c2b795de50a

Attributes
  • autostart_method: Registry
  • enable_keylogger: false
  • install_path: %programfiles%\Vape\Client.exe
  • reconnect_delay: 10000
  • registry_keyname: GoogleChrome
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 8a84df75a293de90b0afab38e0cdd128741bd974e4721d758b6a313466c2360e
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744