Overview

overview

10

Static

static

10

f8b2caa2d6...18.exe

windows7-x64

1

f8b2caa2d6...18.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118

  • Size

    905KB

  • MD5

    f8b2caa2d6db38de32b9626a3b0f9dff

  • SHA1

    0e60bcac8324de0199ead858dd5334a4accbf02d

  • SHA256

    70ddb013e92765b03bf48692a515082a9c343ec86124ac631266517b40b7a69a

  • SHA512

    488381acfb335930e94502a480d80671d65502fbeb95522664b0ef2406123f456c275051036680c96a060b9da946ba68e53375cd479ecf134f4d047566a9b21b

  • SSDEEP

    12288:Cgfe07KFML7iLMucoUe7dG1lFlWcYT70pxnnaaoawnjKgRRA8rZNrI0AilFEvxHG:jtY4MROxnFbgHLrZlI0AilFEvxHina2

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

s1.kekw.tk:1337

Mutex

ec048ad7fb2544ce8ce0e245ce5e3c05

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %allusersprofile%\Microsoft\Windows\time.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f8b2caa2d6db38de32b9626a3b0f9dff_JaffaCakes118
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections