Overview

overview

10

Static

static

10

f43b05e365...13.exe

windows7-x64

1

f43b05e365...13.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

  • Size

    5.0MB

  • Sample

    240531-cg4tkscd48

  • MD5

    a4c8388b79175063b36531780617feb2

  • SHA1

    c2632a879a67fdbdc81e4f80b22e36147366102a

  • SHA256

    f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

  • SHA512

    313ec442deefe8ff5c56543bad8a3088e984fad6d38f7740f068108e2278f1d1afa70a19c39a09f9fce3f57aa88e2aba2f840f66481f6fda1a966c17884d2428

  • SSDEEP

    24576:zqI4MROxnFj3rxXFHXRrZlI0AilFEvxHiHlT:zqrMi1lRhrZlI0AilFEvxHi

Score
10/10
orcuscheat

Malware Config

Extracted

Family

orcus

Botnet

cheat

C2

192.168.56.128:5585

Mutex

b51b1460674b46fea82ddcf69a838bf9

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\runtimewebhost.exe

  • reconnect_delay

    10000

  • registry_keyname

    Wave

  • taskscheduler_taskname

    svchost

  • watchdog_path

    Temp\OrcusWatchdog.exe

Targets

    • Target

      f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

    • Size

      5.0MB

    • MD5

      a4c8388b79175063b36531780617feb2

    • SHA1

      c2632a879a67fdbdc81e4f80b22e36147366102a

    • SHA256

      f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

    • SHA512

      313ec442deefe8ff5c56543bad8a3088e984fad6d38f7740f068108e2278f1d1afa70a19c39a09f9fce3f57aa88e2aba2f840f66481f6fda1a966c17884d2428

    • SSDEEP

      24576:zqI4MROxnFj3rxXFHXRrZlI0AilFEvxHiHlT:zqrMi1lRhrZlI0AilFEvxHi

    Score
    6/10

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks