Overview

overview

10

Static

static

10

afa0f8e585...8e.exe

windows7-x64

1

afa0f8e585...8e.exe

windows10-2004-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

  • Size

    910KB

  • Sample

    241226-bgyf5asrds

  • MD5

    8a4767d2b571133c41b8bb96e170d4c4

  • SHA1

    e2c309692c8cd1b75a86c6703b925a98198f13db

  • SHA256

    afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

  • SHA512

    176ac9213b0391391b9f5c7f80749bc9eb67b57e14155e4b33af9ca34f6eeda022ae2abca363ee28316aed5c670c9406e868b7ad6044b899627c98c56a929c8b

  • SSDEEP

    12288:h5STYf+qnR7Fkxh7dG1lFlWcYT70pxnnaaoawASIh4JWVGMrZNrI0AilFEvxHvBl:nhg4MROxnFp/iJkrZlI0AilFEvxHiQ3

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

127.0.0.1:80

Mutex

c93e0134c7064504addc804b8fc72ebd

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

    • Size

      910KB

    • MD5

      8a4767d2b571133c41b8bb96e170d4c4

    • SHA1

      e2c309692c8cd1b75a86c6703b925a98198f13db

    • SHA256

      afa0f8e585262f6b696c02f8e6df08307269834a9c84a609e89c6083ca81498e

    • SHA512

      176ac9213b0391391b9f5c7f80749bc9eb67b57e14155e4b33af9ca34f6eeda022ae2abca363ee28316aed5c670c9406e868b7ad6044b899627c98c56a929c8b

    • SSDEEP

      12288:h5STYf+qnR7Fkxh7dG1lFlWcYT70pxnnaaoawASIh4JWVGMrZNrI0AilFEvxHvBl:nhg4MROxnFp/iJkrZlI0AilFEvxHiQ3

    Score
    6/10

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks