General
-
Target
b7684262403dfa08b0437910fbe72e02bc42ab2efb40ba9e1b7e9b291446dd5b
-
Size
915KB
-
MD5
8161206e41902fdf459614805090f425
-
SHA1
1b97a4f47ba33e17d3e583426731ae75b8d7b1a7
-
SHA256
b7684262403dfa08b0437910fbe72e02bc42ab2efb40ba9e1b7e9b291446dd5b
-
SHA512
8b4369ca1f21eaedb41e9ca816abce19a7a3c61244795862b8268fa135f6ff6abbf0121ecc71cd400e96c4ef813f4ff4bc42c5df1a469df4a0a501ed43d9ae36
-
SSDEEP
24576:YmHR4MROxnFi3Is4rrcI0AilFEvxHPmook:7uMioN4rrcI0AilFEvxHP
Score
10/10
Malware Config
Extracted
Family
orcus
C2
192.168.0.103:6969
Mutex
a289f5162e614f13a5cf125c6e24e771
Attributes
-
autostart_method
TaskScheduler
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
b7684262403dfa08b0437910fbe72e02bc42ab2efb40ba9e1b7e9b291446dd5b
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections