General
-
Target
cd50c9aed3db7c24472cf0a11bbeb8b5bc5262c255fea3018483fb347b656cd1
-
Size
912KB
-
MD5
b3b92d61c47974e2b4534a6b6dadc3fd
-
SHA1
51543803f6c78b5369d719b604419acced0bf7cb
-
SHA256
cd50c9aed3db7c24472cf0a11bbeb8b5bc5262c255fea3018483fb347b656cd1
-
SHA512
6555440da95c24ecfb48672c2b1e92cdff8e5e33b5394139bcb9dd1a6c3e5b80caa3fe69b39580da9ee4c8ec4f4e7c80c51d2f4bd762b4dd96cbc3598c87569b
-
SSDEEP
12288:R0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCObCOYPOlJVzKepke+w7dG1lFlz:YKa4MROxnFLHbrrcI0AilFEvxHPcooW
Score
10/10
Malware Config
Extracted
Family
orcus
Botnet
lois injkector
C2
92.35.5.56:20001
Mutex
1052ddefbec0498084c332483d4c94fd
Attributes
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
cd50c9aed3db7c24472cf0a11bbeb8b5bc5262c255fea3018483fb347b656cd1
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections