Overview

overview

10

Static

static

10

f8b2caa2d6...18.exe

windows7-x64

1

f8b2caa2d6...18.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118

  • Size

    905KB

  • Sample

    240926-s7w5esybnc

  • MD5

    f8b2caa2d6db38de32b9626a3b0f9dff

  • SHA1

    0e60bcac8324de0199ead858dd5334a4accbf02d

  • SHA256

    70ddb013e92765b03bf48692a515082a9c343ec86124ac631266517b40b7a69a

  • SHA512

    488381acfb335930e94502a480d80671d65502fbeb95522664b0ef2406123f456c275051036680c96a060b9da946ba68e53375cd479ecf134f4d047566a9b21b

  • SSDEEP

    12288:Cgfe07KFML7iLMucoUe7dG1lFlWcYT70pxnnaaoawnjKgRRA8rZNrI0AilFEvxHG:jtY4MROxnFbgHLrZlI0AilFEvxHina2

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

s1.kekw.tk:1337

Mutex

ec048ad7fb2544ce8ce0e245ce5e3c05

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %allusersprofile%\Microsoft\Windows\time.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118

    • Size

      905KB

    • MD5

      f8b2caa2d6db38de32b9626a3b0f9dff

    • SHA1

      0e60bcac8324de0199ead858dd5334a4accbf02d

    • SHA256

      70ddb013e92765b03bf48692a515082a9c343ec86124ac631266517b40b7a69a

    • SHA512

      488381acfb335930e94502a480d80671d65502fbeb95522664b0ef2406123f456c275051036680c96a060b9da946ba68e53375cd479ecf134f4d047566a9b21b

    • SSDEEP

      12288:Cgfe07KFML7iLMucoUe7dG1lFlWcYT70pxnnaaoawnjKgRRA8rZNrI0AilFEvxHG:jtY4MROxnFbgHLrZlI0AilFEvxHina2

    Score
    6/10

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks