General
-
Target
e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0
-
Size
911KB
-
MD5
cf78e7c352ad00b31d9c7a6d001fd6f6
-
SHA1
4651bca09bcd2551b0e1c4c9f8cff20149e62d69
-
SHA256
e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0
-
SHA512
5ace1658abd46a7fbd2f0ebce1fee0c5f51abcac953afaf193e7e6d5d9b3a79aee7f1791912b0935832264f388a277d8199ef1953b30a688859b29e8fceb9b51
-
SSDEEP
24576:d+5T4MROxnFm5bHKTlQqrZlI0AilFEvxHipXoX:I50MiAqrZlI0AilFEvxHi
Score
10/10
Malware Config
Extracted
Family
orcus
C2
192.168.224.143:14892
Mutex
99ee85ecb1ff458698464339dbdd4f3f
Attributes
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
e204210f55662ee3a8c374cb24b2f824c19386cff7db54e47594d82e4038bbf0
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections