Overview

overview

10

Static

static

10

e02850224e...e4.exe

windows7-x64

7

e02850224e...e4.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4

  • Size

    932KB

  • MD5

    19eb4feed67a15713b756b0335a308ed

  • SHA1

    9e3166f1040cd8345df21a48c630c4a0f4ac3c87

  • SHA256

    e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4

  • SHA512

    f667afc5f62cdf4a241cf5f53a40b95393a8d5731e982dc3ad55a0366da38c74495d4cd22f05ecb95e302b09850ebade9684ef228ae3a83b7e3acd7cf1bc90d0

  • SSDEEP

    24576:G9T4MROxnFE3GrXpErZlI0AilFEvxHiKW:G90MiukpErZlI0AilFEvxHi

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

192.168.0.2:25565

Mutex

8205ee58b99544f9b60289e2f6a7e980

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OperaWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections