General

  • Target

    a15b51fb441f08f3fce60ae2c9e21a99b08daaf83aa0945f9736415da2e70f8e

  • Size

    904KB

  • MD5

    06085978cd81457dc5ecbed3cff9f61c

  • SHA1

    66aae4ed1eeb563a6100a42a8734733bb6d68665

  • SHA256

    a15b51fb441f08f3fce60ae2c9e21a99b08daaf83aa0945f9736415da2e70f8e

  • SHA512

    9e9e3d01fe2540b845f9a965753a47d8780c2f95eaa16f3d7c9832452e168876eb72b5933ddf0cb2e5474c9370957557ad50c0809d34fe012ddf2901cb5158d0

  • SSDEEP

    24576:IAi4MROxnFHOVrrcI0AilFEvxHPPcooN:IgMiJ8rrcI0AilFEvxHP

Score
10/10

Malware Config

Extracted

Family

orcus

C2

b7fscoc.localto.net:8763

Mutex

cf06369f7b98472f97643448b3df76ba

Attributes

  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %appdata%\Roaming\am1\RuntimeBroker.exe

  • reconnect_delay

    10000

  • registry_keyname

    RuntimeBroker

  • taskscheduler_taskname

    RuntimeBroker

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • a15b51fb441f08f3fce60ae2c9e21a99b08daaf83aa0945f9736415da2e70f8e
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744