Overview

overview

10

Static

static

10

Orcus.exe

windows7-x64

10

Orcus.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Orcus.exe

  • Size

    3.0MB

  • MD5

    37128f8c34f0e2112cb6c60d2fe8d4c6

  • SHA1

    42d4240892b4fcb2b5332fb70210238aa4070f6a

  • SHA256

    8667faa80b6d3e4126e5e9e60b6e2f755f5388c5554e7b6fd59bcd5a342326ad

  • SHA512

    f0387c7f8d4d74fc378599918cee295abf14e0cc3983a4e1681a7d40ba4b5af519a0bfec7244d2e081588590e421711dc412b3e32cb17c0a6b9db9a0d0656b88

  • SSDEEP

    49152:uBpEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmmLNrZEu:uBptODUKTslWp2MpbfGGilIJPypSbxEt

Score
10/10
robloxorcus

Malware Config

Extracted

Family

orcus

Botnet

Roblox

C2

89.23.100.155:1337

Mutex

fa9ce586702b4090bcb834980fda0474

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Windows\MpDefenderCore.exe

  • reconnect_delay

    10000

  • registry_keyname

    MpDefender

  • taskscheduler_taskname

    MpDefender

  • watchdog_path

    AppData\xdwdwatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Orcus.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections