Overview

overview

10

Static

static

10

fb84dd4ac2...84.exe

windows7-x64

10

fb84dd4ac2...84.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984

  • Size

    3.1MB

  • MD5

    5f5733f2d10d4c7540cfad004a1a66a3

  • SHA1

    2d937253d9ac339e5d636af50cd8429ccac39977

  • SHA256

    fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984

  • SHA512

    ee577e31ef7dd5d2a47891d86bfe45a88aba154c6b291b7008f1f8ff8d3dde943b056927dd337c6c74aa0e21f7d9868909f1841686d6306e9bbd14b83512c736

  • SSDEEP

    98304:1VtODUKTslWp2MpbfGGilIJPypSbxEo9JCmV:UUKTtEgNilIJPypSbJCi

Score
10/10
pdforcus

Malware Config

Extracted

Family

orcus

Botnet

PDF

C2

192.168.0.100:10134

Mutex

4c02bb39af5f434ea8ccdf8d1d4c4bc9

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\pdf\pdf

  • reconnect_delay

    10000

  • registry_keyname

    pdf

  • taskscheduler_taskname

    pdf

  • watchdog_path

    AppData\PDF

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections