Overview

overview

10

Static

static

10

fall.exe

windows7-x64

1

fall.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fall.exe

  • Size

    903KB

  • Sample

    250124-n2e7haylfm

  • MD5

    b86a2a0af835000d484d496fec1d5ffc

  • SHA1

    dfe20835aba1f39c124d540e925c67cc02910200

  • SHA256

    9e1c62eb882475a97643802f9b4ee456837abff20b9c23b7805504b6fa99b5e6

  • SHA512

    bc79a3c5ef97951c1c7a16ba875a253cbef6750ccc3ba03fe46bdf2a066ed9d95917e77834c636d440a655403de7861dd66082f0fdb1317c70141e45b59609d3

  • SSDEEP

    12288:K8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawflBa2Ley+trZNrI0AilFEvxHvBg:r3s4MROxnFCay6rZlI0AilFEvxHiGU

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

195.88.218.126:10134

Mutex

3ceb2ea3bf8f49ab8809c1a37d3b9ee2

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      fall.exe

    • Size

      903KB

    • MD5

      b86a2a0af835000d484d496fec1d5ffc

    • SHA1

      dfe20835aba1f39c124d540e925c67cc02910200

    • SHA256

      9e1c62eb882475a97643802f9b4ee456837abff20b9c23b7805504b6fa99b5e6

    • SHA512

      bc79a3c5ef97951c1c7a16ba875a253cbef6750ccc3ba03fe46bdf2a066ed9d95917e77834c636d440a655403de7861dd66082f0fdb1317c70141e45b59609d3

    • SSDEEP

      12288:K8shHAVBuQBBed37dG1lFlWcYT70pxnnaaoawflBa2Ley+trZNrI0AilFEvxHvBg:r3s4MROxnFCay6rZlI0AilFEvxHiGU

    Score
    7/10

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks