orcus | ba928c4d2ba59ab646e5a8178d5bada82704eb4819146b79139a378f3c2be8a7

General

Target

ba928c4d2ba59ab646e5a8178d5bada82704eb4819146b79139a378f3c2be8a7
Size

6.0MB
MD5

366809485bc0958ac26655a8158283a0
SHA1

e342bcae97887ae54af1a452bee924cf3ae0dbdc
SHA256

ba928c4d2ba59ab646e5a8178d5bada82704eb4819146b79139a378f3c2be8a7
SHA512

c7e026768dc555ea15f86334e1ad3f00f314d223e49e291144ea262380856d31b2b57f696d185c5fe69c5c229dcaf4a001b13b81d1929415f50b001c79e03e15
SSDEEP

24576:CyGS04YNEMuExDiU6E5R9s8xY/2l/dlLc83UIbt+ry:CyC4auS+UjfU2T1t3UIbt+r

Score

10^/10

rat orcus

Family

orcus

C2

192.168.68.146

Mutex

e28b1da3c3fd4d4da0a40bd5d996fbb0

Attributes

administration_rights_required
false
anti_debugger
false
anti_tcp_analyzer
false
antivm
false
autostart_method
1
change_creation_date
false
force_installer_administrator_privileges
false
hide_file
false
install
false
installation_folder
%appdata%\Microsoft\Windows\PDFReader.exe
installservice
false
keylogger_enabled
false
newcreationdate
01/27/2025 15:40:25
plugins
AgUFl6aNkQPXkQKOmwKLvFcpr24sKCsVRABpAHMAYQBiAGwAZQAgAFcAZQBiAGMAYQBtACAATABpAGcAaAB0AHMABwMxAC4AMABBIDkANQA1ADQAMwA0ADEAYwA3ADQAZQA5ADQAYgA0ADMAYgAzAGMAMwBmAGEAYQAzADAANAAxADcAYQBkADYAYwABAAAAAgI=
reconnect_delay
10000
registry_autostart_keyname
PDFReader
registry_hidden_autostart
false
set_admin_flag
false
tasksch_name
Audio HD Driver
tasksch_request_highest_privileges
false
try_other_autostart_onfail
false

aes.plain

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ba928c4d2ba59ab646e5a8178d5bada82704eb4819146b79139a378f3c2be8a7