General
-
Target
f482f02149622205c6d5ed988aae617c_JaffaCakes118
-
Size
905KB
-
MD5
f482f02149622205c6d5ed988aae617c
-
SHA1
8126947af7338744dc8c7f5ea9a17e9c20dd33dc
-
SHA256
fd2421c6582e3d7fcf917b7e3c24309e20731f828bdb8505076dafaf4cd9ee9e
-
SHA512
7b69d4f838c4275d0a73699ad35b7152abef34e75b13787e1a253b6a0f2c7826685e6484d8e32da4c6719e94da364a400396a0a5d751ee58a9c9ff66cadce4e5
-
SSDEEP
12288:X0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCl/2Nr6BNRCpepD25r7dG1lFlWM:ApP4MROxnFMOVrrcI0AilFEvxHPeoo0
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
aa
C2
75.23.178.95:214
Mutex
17e765930f6d487aae82933122a74df7
Attributes
-
autostart_method
Registry
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Registry.
-
taskscheduler_taskname
Registry
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
f482f02149622205c6d5ed988aae617c_JaffaCakes118
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections