General

  • Target

    Rc7-Cracked.zip

  • Size

    4.9MB

  • MD5

    9605ddef6446ab7108378f4dbe737909

  • SHA1

    55bf0a1e7fdc3d3207557a26bdaf3b97b20d294b

  • SHA256

    1d2bd211b2cb977bbb59c139387096ab73e1496eb5f6ad1237d8fe7878124872

  • SHA512

    c1b2e5ee1f59efee0c7fe085d0b6f433aefe8562d11520d411dfe6dcc1720160b0fb87b97dbb82b5e684609e5c2094bdc33a455a8706670cf36607628ff73506

  • SSDEEP

    98304:/HdQSqS2hHDypUVSBjlGZTqP+eRDaolDmAhOiV170HM3kP2/wJzFi5e:VTmAuVqwZTMlRjlDd0iVV0s3b0oE

Score
10/10

Malware Config

Extracted

Family

orcus

C2

wowthatsagoodmeme.ddns.net:10134

Mutex

4be6c8113962424a916b8095b89af0c9

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %appdata%\WlNDOWS DEFENDER\UPDATER.exe

  • reconnect_delay

    10000

  • registry_keyname

    Wlndows Defender

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\%appdata%/WlNDOWS DEFENDER/WlNDOWS DEFENDER UPDATER.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • Rc7-Cracked.zip
    .zip
  • Rc7 - Cracked/Rc7- Cracked by Roque Exploitzz.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

  • Rc7 - Cracked/Rc7.dll
    .dll windows:6 windows x86 arch:x86


    Headers

    Sections