General
-
Target
xda.exe
-
Size
3.0MB
-
MD5
cf6aa82e9cb164a4ddd30a1f77db1eb7
-
SHA1
60790744a396419695221c39aee74672bc67fa66
-
SHA256
e67c3d893e403f8974605d2c77bf66930c880de94dddb02dc13ce7c8d40ad700
-
SHA512
e9465d2469199972ece28fde93be701e15d97bb495ee75545161ebb8712591b04867110d8632fce712295399c89338fdfe2c7c5179f597bffd8e3c679b95ae09
-
SSDEEP
49152:XzTEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmWrZEIN:XzTtODUKTslWp2MpbfGGilIJPypSbxE8
Score
10/10
Malware Config
Extracted
Family
orcus
C2
89.23.100.155:1337
Mutex
d058ef377b7f46bea0e52b669562775b
Attributes
-
autostart_method
Registry
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
xda.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections