Overview

overview

10

Static

static

10

dc24215a88...41.exe

windows7-x64

10

dc24215a88...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dc24215a88cc28f21902e2eb3d378a8ed244389cd4315151864cef92324c0b41

  • Size

    924KB

  • MD5

    58e4b372703004a321ab6c1a0d14536b

  • SHA1

    68bb1f822b5d93a51156458f23dbaefcec75e035

  • SHA256

    dc24215a88cc28f21902e2eb3d378a8ed244389cd4315151864cef92324c0b41

  • SHA512

    c855082bff3256d04d4cc8874437fdfb6ee937b455527f910584b49cfe658ad37edb3a10acb09301c35d7d574de2aeeb13deb0c58e752375f3e8bbd6157c1e7f

  • SSDEEP

    12288:m0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCd6zONefAUUFEplMETQ7dG1lFlc:+mS4MROxnFE3F8rrcI0AilFEvxHjZQX

Score
10/10
build1orcus

Malware Config

Extracted

Family

orcus

Botnet

BUILD1

C2

0.0.0.0:1268

Mutex

979c2ee9d7ff48d0a2e4e2df3c2c864d

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Common Files\System\HD Audio\HDAudio.exe

  • reconnect_delay

    10000

  • registry_keyname

    HDAudioDriver

  • taskscheduler_taskname

    HDAudioDriver

  • watchdog_path

    AppData\HDAudioWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • dc24215a88cc28f21902e2eb3d378a8ed244389cd4315151864cef92324c0b41
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections