General

  • Target

    1.exe

  • Size

    3.0MB

  • MD5

    1c3d920e9083781d881ed09efe737e3e

  • SHA1

    db0d3e1c5622f439265fc49112717e134c9a8d4c

  • SHA256

    75bc4d362485bf57a072a62a3c11d6590a38a43598eb1ce259c50a0cb0a578de

  • SHA512

    526edeffdbcfa77a2179038adef5e624e18e20413ec789f41f427dd71cb33dacf827c4a505b31cd5f1e49d164dfd25f21233f2069521f0d8c5b4a4ebf9c4b949

  • SSDEEP

    49152:GXbEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmlcrZEu:GXbtODUKTslWp2MpbfGGilIJPypSbxEb

Score
10/10

Malware Config

Extracted

Family

orcus

C2

Ezling-25441.portmap.host:25441

Mutex

d9a68a06158a4170bbc5f456a7f7076a

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744