Overview

overview

10

Static

static

10

4.5.4.exe

windows7-x64

10

4.5.4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4.5.4.exe

  • Size

    840KB

  • MD5

    8a2318868f36e910dd4f23ab8cafa166

  • SHA1

    472ae1e6a1354cde1a5f45fbe50c90e68532ab07

  • SHA256

    7955b9bd95203cba3131477b66ae3485a410c1ed59c7a96ca42565dfaa06d265

  • SHA512

    35b9417e50607fedcd47d2bd38dabad2ba6d48277f0fb38ac402b9efe408dc8a20ba5c345774a0205978590dc88002ce37a856a53aed9d9f2f92326f0ed92b3a

  • SSDEEP

    24576:QyPS04YNEMuExDiU6E5R9s8xY/2l/dL5Ibt+rt:Qyl4auS+UjfU2TFIbt+r

Score
10/10
ratorcus

Malware Config

Extracted

Family

orcus

C2

192.168.10.8

91.92.247.123

tech11.ddns.net

tech22.ddns.net
Mutex

ec3750d27df2422f9771480c02d90266

Attributes
  • administration_rights_required

    false

  • anti_debugger

    false

  • anti_tcp_analyzer

    false

  • antivm

    false

  • autostart_method

    1

  • change_creation_date

    false

  • force_installer_administrator_privileges

    false

  • hide_file

    false

  • install

    false

  • installation_folder

    %appdata%\Microsoft\Speech\AudioDriver.exe

  • installservice

    false

  • keylogger_enabled

    false

  • newcreationdate

    04/04/2023 06:41:34

  • plugins

    AgEAAA==

  • reconnect_delay

    10000

  • registry_autostart_keyname

    Audio HD Driver

  • registry_hidden_autostart

    false

  • set_admin_flag

    false

  • tasksch_request_highest_privileges

    false

  • try_other_autostart_onfail

    false

aes.plain

Signatures

  • Orcus family
    orcus
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4.5.4.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections