Overview

overview

10

Static

static

10

1523a2cef2...71.exe

windows7-x64

10

1523a2cef2...71.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71

  • Size

    3.0MB

  • MD5

    6eff14955f352840b8937f0dc1811e49

  • SHA1

    1e9da08304611fe67b4e8454091d8c4c422392b1

  • SHA256

    1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71

  • SHA512

    56ab51d9e6f0a958e0aaf8ef4a8cdcfa49f362af733986c21580a9c6579dd097afad1af3b4704deb282bb3798710cfd8d8c47ba8c2fe5badfa574005da2e5f25

  • SSDEEP

    49152:8flit1ZeM9/3EgHcyH4Z9fVTB4krLzS+HAypQxbOqUo9JnCmLPnGFfhIMdOup:8fEtGjzD5rfLgypSbKo9JCm

Score
10/10
vtorcus

Malware Config

Extracted

Family

orcus

Botnet

VT

C2

91.227.18.174:443

Mutex

00019fe362dc4d06a7aaa7724afda437

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections