Overview

overview

10

Static

static

10

7761133cb4...e8.exe

windows7-x64

10

7761133cb4...e8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7761133cb4ae903f269c35218b773acf119e0382ab1fd80958f6bb80515f8ee8

  • Size

    917KB

  • MD5

    cf0dd193b3411fab2cdc43e49bc6b850

  • SHA1

    1fc53efd2ee6eadcd145b35d1964fa80daed81ae

  • SHA256

    7761133cb4ae903f269c35218b773acf119e0382ab1fd80958f6bb80515f8ee8

  • SHA512

    dbb54b172b4de3dea5d681fb2f2b96e8a38b5e1d65385c3500f71c26d95c214c20fd2d710d98e7107427a887307cedd6958dbdf74f6ac4235e6c2968ab79af6d

  • SSDEEP

    12288:xMLaIPO6EJr/ThI7dG1lFlWcYT70pxnnaaoawhmy9kgWrUrZNrI0AilFEvxHvBMi:VDg4MROxnFe1/rZlI0AilFEvxHiOOYV

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

Ezzka1337212312331-64524.portmap.host:64524

Mutex

b36ed3c7eee04d05bd5e94ae29f2d7fb

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\.minecraft\Launcher.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 7761133cb4ae903f269c35218b773acf119e0382ab1fd80958f6bb80515f8ee8
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections