General
-
Target
78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97
-
Size
903KB
-
MD5
e01f6c2e3489ec4f372f5e42043c76ad
-
SHA1
ff18a6f8f0535cb90bd1be41c5f751eb7e68c9bf
-
SHA256
78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97
-
SHA512
b7eb8aaf68bc5a91e94bb1889cda2d0c22af3cbf4011134b6b4d86d08ca6e945002f868a3c818fb0aa0e551193863167c874f4780aa93142b7e74768d96dd932
-
SSDEEP
12288:Y8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawMRVcTqSA+9rZNrI0AilFEvxHvBJ:p3s4MROxnF9LqrZlI0AilFEvxHi8b8o
Score
10/10
Malware Config
Extracted
Family
orcus
C2
25.58.174.75:10134
Mutex
5959ab4ab0884401bc50ad7556c97639
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
78afefee16a6e648a08f0e348c086dde76f917e24b45dd4c64124fa0645f8d97
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections