Overview

overview

10

Static

static

10

987a7d82d2...e7.exe

windows7-x64

10

987a7d82d2...e7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    987a7d82d2390944d7c8fd67e7de1dcce7fd6be9580ce8f9226532a73b4d20e7

  • Size

    924KB

  • MD5

    7e282c2bbb80780191282e11331f85fa

  • SHA1

    0b14fc0f14f86957b8e1b2f379c389b780dda53c

  • SHA256

    987a7d82d2390944d7c8fd67e7de1dcce7fd6be9580ce8f9226532a73b4d20e7

  • SHA512

    9c29e51f13c34a6f94ecc0c4500c4143901ffba4f5cecea978effa0b5dce5cb19b4b582cce3cd3656ba270f2d750fc751780b16c9a18b8fe3fdf036bfb0c4cd3

  • SSDEEP

    24576:xnQm4MROxnFE3C4rrcI0AilFEvxHjZMQp:xnQlMiuC4rrcI0AilFEvxHj

Score
10/10
build1orcus

Malware Config

Extracted

Family

orcus

Botnet

BUILD1

C2

46.8.210.6:10134

Mutex

979c2ee9d7ff48d0a2e4e2df3c2c864d

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Common Files\System\HD Audio\HDAudio.exe

  • reconnect_delay

    10000

  • registry_keyname

    HDAudioDriver

  • taskscheduler_taskname

    HDAudioDriver

  • watchdog_path

    AppData\HDAudioWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 987a7d82d2390944d7c8fd67e7de1dcce7fd6be9580ce8f9226532a73b4d20e7
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections