Analysis
max time kernel: 135s
max time network: 146s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 25-07-2024 16:59
Static task: static1
Behavioral task: behavioral1
Sample: 1e0ffae5da870acc85c8be93b44aee8d07c1fe1811d03d608225aff9816b5d3d.exe
Resource: win7-20240705-en
General
Target: 1e0ffae5da870acc85c8be93b44aee8d07c1fe1811d03d608225aff9816b5d3d.exe
Size: 1.0MB
MD5: 3cbe692d9a0c395dabd70e96986d53b5
SHA1: cf495ae9f11d7cbe1cfb8051684fe3c95e9615b8
SHA256: 1e0ffae5da870acc85c8be93b44aee8d07c1fe1811d03d608225aff9816b5d3d
SHA512: ef82faa953f3ebff013841954a65b40e726692f0798ca84767e20354e344e40a0ba82723248364aafab91f839200c7bd20863c9e81e1134c43158144420c2485
SSDEEP: 24576:/3veFbXAD9zWi4MxO6m6b/fYLGACf9Dtc2PykywO+://etqzXOu1Ff9DtTyM9
Malware Config
Extracted
orcus
45.157.69.156:443
3b453ed253424c82a94898f42bb6a1be
autostart_method: Disable
enable_keylogger: false
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
Signatures
Orcurs Rat Executable (1 IoC)
Processes:
resource                                                                     yara_rule
behavioral1/memory/2436-2-0x000000001BCF0000-0x000000001BDD8000-memory.dmp   orcus
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
1e0ffae5da870acc85c8be93b44aee8d07c1fe1811d03d608225aff9816b5d3d.exe
description               pid    Process
Token: SeDebugPrivilege   2436   1e0ffae5da870acc85c8be93b44aee8d07c1fe1811d03d608225aff9816b5d3d.exe