General

  • Target

    a0a90308be2ade175d64360989b25ae96453fd9f15fc0edbf2745fd124f9418c

  • Size

    928KB

  • MD5

    aa3362e493dd4f9c37c77ddf6a56e730

  • SHA1

    79855a192d6e84547123031b696115523728cfdd

  • SHA256

    a0a90308be2ade175d64360989b25ae96453fd9f15fc0edbf2745fd124f9418c

  • SHA512

    eb62bc2757310c7bc8121f14ea2331599761ff1f1471d8f1bb0e1f0ca419c51813461b1d77223dfb440eb3c6bb568918b943a9f0099eb7edd27cd38bfa8915c0

  • SSDEEP

    24576:lxX4MROxnFE3SO3krrcI0AilFEvxHPYooC:l2MiuXkrrcI0AilFEvxHP

Score
10/10

Malware Config

Extracted

Family

orcus

C2

192.168.0.103:1423

Mutex

73d27aa3492b4dff9124fdf2b9be1cd4

Attributes

  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sуstem

  • taskscheduler_taskname

    Realer HD Audio Universal ...

  • watchdog_path

    AppData\driverquery.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a0a90308be2ade175d64360989b25ae96453fd9f15fc0edbf2745fd124f9418c
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
