Overview

overview

10

Static

static

10

74eecb4e36...dd.exe

windows7-x64

10

74eecb4e36...dd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    74eecb4e363a3f838f0892d3d65f07d1cce8071e0ae43a610d464876aaa143dd

  • Size

    3.0MB

  • MD5

    db5c632876815e331387d18af39886bf

  • SHA1

    c11dd087f248426f5022638223aaaab271d648c5

  • SHA256

    74eecb4e363a3f838f0892d3d65f07d1cce8071e0ae43a610d464876aaa143dd

  • SHA512

    5bcfd3fefdd622d784c4f4ada70bda46e71accec74c7098d8ac5a7c8bc02a23984b60af11ea3c22116caba2e6dc0effc1a792de8eb4b29a59812554b0049cc61

  • SSDEEP

    49152:mgJIfiTZKMb6BDzrKyTcCcL0CyxcF1UcfAypQxbWseo9JnCmQRIrGXI0AilFCvxr:LJIjs6ppcFLpXzpYypSbWVo9JCmk

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

95.164.114.247:1011

Mutex

3b8954508ba048e3a54d90e64bc50df5

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 74eecb4e363a3f838f0892d3d65f07d1cce8071e0ae43a610d464876aaa143dd
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections