Resubmissions

28-07-2024 09:32

240728-lh334stalh 10

28-07-2024 09:29

240728-lf31bsshnd 10

General

  • Target: windows.exe
  • Size: 913KB
  • Sample: 240728-lf31bsshnd
  • MD5: 4c30c907584baa7c1931a3a83ba69149
  • SHA1: 09d3887d9895189a49930a61aea8c788b1ad1c0e
  • SHA256: afc180f84398fdf09969b61c538dd1b7d2259fba43b44a5ed00dac386df7a046
  • SHA512: 1f581850f9722153d760f6a0f125b71aae3b87546c851a26674cc37ec76b13e39f8abc93a77e1d32fdfe906fa80945fbfb9774cb002dadd922b629879c9246cc
  • SSDEEP: 24576:1Eqr4MROxnF25bYmfFhQ3rZlI0AilFEvxHil71B:1EjMiz3rZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

  • Family: orcus
  • C2: 0.tcp.eu.ngrok.io:12863
  • Mutex: 66e10069bf334043882c3a304dfd504d

Attributes

  • autostart_method: Disable
  • enable_keylogger: false
  • install_path: %programfiles%\Orcus\Orcus.exe
  • reconnect_delay: 10000
  • registry_keyname: Orcus
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Targets

    • Target: windows.exe
    • Size: 913KB
    • MD5: 4c30c907584baa7c1931a3a83ba69149
    • SHA1: 09d3887d9895189a49930a61aea8c788b1ad1c0e
    • SHA256: afc180f84398fdf09969b61c538dd1b7d2259fba43b44a5ed00dac386df7a046
    • SHA512: 1f581850f9722153d760f6a0f125b71aae3b87546c851a26674cc37ec76b13e39f8abc93a77e1d32fdfe906fa80945fbfb9774cb002dadd922b629879c9246cc
    • SSDEEP: 24576:1Eqr4MROxnF25bYmfFhQ3rZlI0AilFEvxHil71B:1EjMiz3rZlI0AilFEvxHi

    Score
    6/10

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks