Overview

overview

10

Static

static

10

123.exe

windows10-2004-x64

10

123.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    123.exe

  • Size

    3.0MB

  • MD5

    07240cd6ba75c9de0b73c89e44d95b7a

  • SHA1

    2081431367f5ecfcd338becc676dfdfc09324329

  • SHA256

    a91db08cd243f4a8186026af1a99ea3d5c90ed868fb54c4465b115c8ec20c06d

  • SHA512

    56fb58adc517326ecc8bdbade7a36fc14a47c5c1c6aecd6ca27b58c623b502d0c667d9fcb67db46dcdd397d1821b96ed350166451572e54fae2b6897df2d7ca9

  • SSDEEP

    49152:snwEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmm8crZEu:snwtODUKTslWp2MpbfGGilIJPypSbxEe

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

10.9.173.50:1337

Mutex

c7a29885defe4dd8a65fbed3f3afa030

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 123.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections