General
-
Target
75af63185c79dbface5db3bebe13b2e457a764b520cf6da9678eb8501c3e61d1
-
Size
914KB
-
MD5
8f4a262076a343c306b3e45a01c0a532
-
SHA1
ffd57f1068cf5f7acb5f359b5e1a947ab04ab186
-
SHA256
75af63185c79dbface5db3bebe13b2e457a764b520cf6da9678eb8501c3e61d1
-
SHA512
4fae8619281c39c729ce787536a3013377b74005d299666ec615e125be28c2505721d7a33c802c07a461f3e76180c7eac99c46c608818b439eb90f8dbef3ff8e
-
SSDEEP
24576:vk84MROxnFR3NRirZlI0AilFEvxHi985o:vkPMijirZlI0AilFEvxHi
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
lox
C2
8.tcp.ngrok.io:14334
Mutex
97a795082d1b4d009c62ffc5af327057
Attributes
-
autostart_method
TaskScheduler
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
75af63185c79dbface5db3bebe13b2e457a764b520cf6da9678eb8501c3e61d1
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections