General
-
Target
e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc
-
Size
903KB
-
MD5
50b929d34d4b8d8a1403372fa7c608cb
-
SHA1
a1edb9952c197496edc5455e5be1d8af886bf3ce
-
SHA256
e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc
-
SHA512
825a59aabe859826d43f60785d6592948cfbb971a669f10ffe51439ef23c301c06ab63e0929a30b8abb4be558410de7e7a3feac894a108d410472a18da6af39d
-
SSDEEP
12288:48shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvB1:J3s4MROxnF9LqrZlI0AilFEvxHiXo
Score
10/10
Malware Config
Extracted
Family
orcus
C2
venerra.ddns.net:1604
Mutex
004182be16184746aa39d249aa1c91af
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
e15c3ff9de2290626cc24301d496ff18a89adb9832a93c3d17cd9e4a1484e8cc
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections