orcus | 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb | Triage

Sharing

General

Target

29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
Size

5.0MB
Sample

240716-bfsjgs1ala
MD5

b49a2bf6b7e1f66880eb1f370266955a
SHA1

a7e0eb86e23b971c504be4a786c40f127f7398ff
SHA256

29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
SHA512

b9aee1f61e201e620582ba44750aeb034483a92239f096035bc92c6009112ae378de2d4338ebc0c195b53ad2f18c8c31186797a476ef9a1e41aca61af8990800
SSDEEP

24576:i9Hs4MROxnF95bYmfFhQYrZlI0AilFEvxHi3e:qH/MiKYrZlI0AilFEvxHi

Score

10^/10

orcus lox

Malware Config

Extracted

Family

orcus

Botnet

lox

C2

95.153.160.110:10134

Mutex

58155183df844e28b9bf67e2c053a83c

Attributes

autostart_method
TaskScheduler
enable_keylogger
false
install_path
%programfiles%\razdorinc\razdoredge.exe
reconnect_delay
10000
registry_keyname
MicrosoftEdgeUpdater
taskscheduler_taskname
MicrosoftEdgeUpdater1
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
- Size
  
  5.0MB
- MD5
  
  b49a2bf6b7e1f66880eb1f370266955a
- SHA1
  
  a7e0eb86e23b971c504be4a786c40f127f7398ff
- SHA256
  
  29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
- SHA512
  
  b9aee1f61e201e620582ba44750aeb034483a92239f096035bc92c6009112ae378de2d4338ebc0c195b53ad2f18c8c31186797a476ef9a1e41aca61af8990800
- SSDEEP
  
  24576:i9Hs4MROxnF95bYmfFhQYrZlI0AilFEvxHi3e:qH/MiKYrZlI0AilFEvxHi
Score

6^/10
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2