General

  • Target

    945be953a3c727167f2d0bf08830062d404e28c3e61c57458a1ce91b7d97aff7

  • Size

    924KB

  • MD5

    da40621730da7f04a2b9548e1de7fb53

  • SHA1

    9bd5431b68e24146252c98a00f92da2ef00a1f31

  • SHA256

    945be953a3c727167f2d0bf08830062d404e28c3e61c57458a1ce91b7d97aff7

  • SHA512

    997ecf148b2950a51b26d8f90be80cb84a730f3a2bd7534880217f92a7916ffeb6482d70a89f0cc2f4fdda10c6ef41b69af5cb4405c96f66b0ffa3944280d5b5

  • SSDEEP

    24576:Dzra4MROxnFE3KrXpprZlI0AilFEvxHi6j:Dz1MiuQpprZlI0AilFEvxHi

Malware Config

Extracted

Family

orcus

Botnet

С новым годом

C2

192.168.0.47:10134

Mutex

b5f1e47ccf614de682f6a6dee499b151

Attributes

  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\OperaaGx\OperaaGx.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    OperaaGx

  • watchdog_path

    AppData\OperaaGx.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 945be953a3c727167f2d0bf08830062d404e28c3e61c57458a1ce91b7d97aff7
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
