Overview

overview

10

Static

static

10

2ddbc053ba...83.exe

windows7-x64

10

2ddbc053ba...83.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ddbc053baf510f2bb819973fd1b421d84f917522bed05dbb41ab326d5d28183

  • Size

    919KB

  • MD5

    fa6c9a01e8fd6075e4143fe869f26633

  • SHA1

    b3b7bfb052306ef1f33d327d90c0ba630b6c57ee

  • SHA256

    2ddbc053baf510f2bb819973fd1b421d84f917522bed05dbb41ab326d5d28183

  • SHA512

    25ec4a100ec760b2a671900ff92438c716fe107be0002ed1b43d7e5ca9baa8796002ccb22ec8db05098af3f68f1c499c56b85dc0536094efb8f313ec1c7bbe0a

  • SSDEEP

    12288:GRzyAHWSkJ6ZBy37dG1lFlWcYT70pxnnaaoawhmD9kgWr8rZNrI0AilFEvxHvBMw:xk84MROxnF31vrZlI0AilFEvxHic+C

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

Ezzka1337123123-52059.portmap.host:52059

Mutex

ca01f7484a6e4c3dbdd4b2c03f15df00

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    WindowsDefender

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2ddbc053baf510f2bb819973fd1b421d84f917522bed05dbb41ab326d5d28183
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections