General

  • Target: c0fab6bd0cda4fe91b943068e0ba0385186a5c79b773c0e1f6ceef98743dc6f5
  • Size: 924KB
  • MD5: 381ef6356724e26cbb7efa72a40506c8
  • SHA1: e0b9c176be1d7ae00c8eb41bd3aace05449c313b
  • SHA256: c0fab6bd0cda4fe91b943068e0ba0385186a5c79b773c0e1f6ceef98743dc6f5
  • SHA512: d1f55ee4bff22406796c87f1f2b1a37cc8c7f62050d5639be4c1ab66c578cdeba54efd73f5f594a3b33749833c182531343e0a25fbc4980b62a6bfaeaedf93c5
  • SSDEEP: 24576:9nQm4MROxnFE3CxrrcI0AilFEvxHjXQp:9nQlMiuCxrrcI0AilFEvxHj

Score
10/10

Malware Config

Extracted

  • Family: orcus
  • Botnet: TEST
  • C2: 46.8.210.6:10134
  • Mutex: 979c2ee9d7ff48d0a2e4e2df3c2c864d

Attributes

  • autostart_method: Registry
  • enable_keylogger: true
  • install_path: %programfiles%\Common Files\System\HD Audio\HDAudio.exe
  • reconnect_delay: 10000
  • registry_keyname: HDAudioDriver
  • taskscheduler_taskname: HDAudioDriver
  • watchdog_path: AppData\HDAudioWatchdog.exe

Signatures

  • Orcurs Rat Executable (1 IoCs)
  • Orcus family
  • Orcus main payload (1 IoCs)
  • Unsigned PE (1 IoCs): checks for missing Authenticode signature.

Files

  • c0fab6bd0cda4fe91b943068e0ba0385186a5c79b773c0e1f6ceef98743dc6f5
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
