General

  • Target: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
  • Size: 5.0MB
  • MD5: b49a2bf6b7e1f66880eb1f370266955a
  • SHA1: a7e0eb86e23b971c504be4a786c40f127f7398ff
  • SHA256: 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
  • SHA512: b9aee1f61e201e620582ba44750aeb034483a92239f096035bc92c6009112ae378de2d4338ebc0c195b53ad2f18c8c31186797a476ef9a1e41aca61af8990800
  • SSDEEP: 24576:i9Hs4MROxnF95bYmfFhQYrZlI0AilFEvxHi3e:qH/MiKYrZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

  • Family: orcus
  • Botnet: lox
  • C2: 95.153.160.110:10134
  • Mutex: 58155183df844e28b9bf67e2c053a83c

Attributes

  • autostart_method: TaskScheduler
  • enable_keylogger: false
  • install_path: %programfiles%\razdorinc\razdoredge.exe
  • reconnect_delay: 10000
  • registry_keyname: MicrosoftEdgeUpdater
  • taskscheduler_taskname: MicrosoftEdgeUpdater1
  • watchdog_path: AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 29fbbdb392bbbd33f9b905d37868e9d379e0f3eea0777939c42d9e2877f250bb
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
