Overview

overview

10

Static

static

10

26117e73d2...9b.exe

windows7-x64

10

26117e73d2...9b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    26117e73d2cd9417ae54ffe789a2ff9bc71202f3d29c68b0374628cf04d9299b

  • Size

    924KB

  • MD5

    d4c903dd16913f5133997999e217a079

  • SHA1

    7a73a4e1d55c4265b3b5449b7a64fa08e18a7273

  • SHA256

    26117e73d2cd9417ae54ffe789a2ff9bc71202f3d29c68b0374628cf04d9299b

  • SHA512

    cb6be573946d278c814aeffe5a67e4473b7b5037191ca0de65003170744125f466b78c3ae47cd92c3ab66514a0659dee3794be086786e495310b58dc02c54e3f

  • SSDEEP

    24576:dGq4MROxnFE33O3orrcI0AilFEvxHPXoop:duMiuMorrcI0AilFEvxHP

Score
10/10
test_oneorcus

Malware Config

Extracted

Family

orcus

Botnet

Test_one

C2

192.168.11.172:55505

Mutex

8e30ae40441e44d7964395f4918297b2

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Realtek\Realtek.exe

  • reconnect_delay

    10000

  • registry_keyname

    Realtek HD Audio UniversaI Service

  • taskscheduler_taskname

    Realtek HD Audio Universal Service

  • watchdog_path

    AppData\Realtek_audio.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 26117e73d2cd9417ae54ffe789a2ff9bc71202f3d29c68b0374628cf04d9299b
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections