Resubmissions

28-07-2024 09:32

240728-lh334stalh 10

28-07-2024 09:29

240728-lf31bsshnd 10

General

  • Target

    windows.exe

  • Size

    913KB

  • MD5

    4c30c907584baa7c1931a3a83ba69149

  • SHA1

    09d3887d9895189a49930a61aea8c788b1ad1c0e

  • SHA256

    afc180f84398fdf09969b61c538dd1b7d2259fba43b44a5ed00dac386df7a046

  • SHA512

    1f581850f9722153d760f6a0f125b71aae3b87546c851a26674cc37ec76b13e39f8abc93a77e1d32fdfe906fa80945fbfb9774cb002dadd922b629879c9246cc

  • SSDEEP

    24576:1Eqr4MROxnF25bYmfFhQ3rZlI0AilFEvxHil71B:1EjMiz3rZlI0AilFEvxHi

Score
10/10

Malware Config

Extracted

Family

orcus

C2

0.tcp.eu.ngrok.io:12863

Mutex

66e10069bf334043882c3a304dfd504d

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • windows.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections