General
-
Target
htdhfrsfs.exe
-
Size
903KB
-
MD5
942a8d7c0a5bdd9639ff9805365021a3
-
SHA1
019ebb82c3208968d53b03cb940fb342c85b6a6c
-
SHA256
a7416cfb861ac1151c17305ec1b43f033729f637a0c74a15b3d0a85f68e90807
-
SHA512
5484158ba1b75cee0a4111b2e53c46c266546906ade4ed516eac3b0c53536f5fbc7a6b3849fe345a0ae60f6955c5da83716f2fdb1f59a9183e847f5e3713512d
-
SSDEEP
12288:Z8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvB0:m3s4MROxnF9LqrZlI0AilFEvxHinSo
Score
10/10
Malware Config
Extracted
Family
orcus
C2
23.84.85.170:3389
Mutex
466139a685e046efa39e67d19f3bebeb
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
htdhfrsfs.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections