General

  • Target

    f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

  • Size

    5.0MB

  • MD5

    a4c8388b79175063b36531780617feb2

  • SHA1

    c2632a879a67fdbdc81e4f80b22e36147366102a

  • SHA256

    f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13

  • SHA512

    313ec442deefe8ff5c56543bad8a3088e984fad6d38f7740f068108e2278f1d1afa70a19c39a09f9fce3f57aa88e2aba2f840f66481f6fda1a966c17884d2428

  • SSDEEP

    24576:zqI4MROxnFj3rxXFHXRrZlI0AilFEvxHiHlT:zqrMi1lRhrZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

cheat

C2

192.168.56.128:5585

Mutex

b51b1460674b46fea82ddcf69a838bf9

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\runtimewebhost.exe

  • reconnect_delay

    10000

  • registry_keyname

    Wave

  • taskscheduler_taskname

    svchost

  • watchdog_path

    Temp\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f43b05e365e1ec3ac9c7367077739e5dd0ab70e7a09d0734f5ae99644867af13
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

