Overview

overview

10

Static

static

10

ac96553beb...43.exe

windows7-x64

10

ac96553beb...43.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac96553bebcca327820b7e4b8cf980ccdecef681d93e001f2ddebd4c7d8ea043

  • Size

    846KB

  • MD5

    120270430b87201f1f3820a93bc504d8

  • SHA1

    dd54fb83743a6b22bfc34260075a7cb0d37ee513

  • SHA256

    ac96553bebcca327820b7e4b8cf980ccdecef681d93e001f2ddebd4c7d8ea043

  • SHA512

    8c42e7a0d60ae87237886e5a1482dde331143c3fb2bc498006c2bd35279770f1e2ab0589e173ff964784797e58d8cbbcd88f1c14eb8cb3bdf734b50afec25dc9

  • SSDEEP

    24576:mCRS04YNEMuExDiU6E5R9s8xY/2l/dOBaIbt+rj:mCT4auS+UjfU2TWaIbt+r

Score
10/10
ratskidorcus

Malware Config

Extracted

Family

orcus

Botnet

Skid

C2

51.81.73.9

Mutex

4be9dadb55374df0a402a39a2fb0ad2e

Attributes
  • administration_rights_required

    false

  • anti_debugger

    false

  • anti_tcp_analyzer

    false

  • antivm

    false

  • autostart_method

    1

  • change_creation_date

    false

  • force_installer_administrator_privileges

    false

  • hide_file

    false

  • install

    false

  • installation_folder

    %appdata%\Microsoft\Speech\AudioDriver.exe

  • installservice

    false

  • keylogger_enabled

    false

  • newcreationdate

    01/29/2025 01:40:30

  • plugins

    AgUFyfihswTdIPqEArukcmEdSF06Hw9CAFMAbwBEACAAUAByAG8AdABlAGMAdABpAG8AbgAHAzEALgAwAEEgNwBlADAAOQAxADQAOAA0ADMAMAA4ADAANAA2ADEAOQA4ADMAOQA0ADMAMQBjADYAYwAxADMAMABmAGQAZQBlAAEFl6aNkQPXkQKOmwKLvFcpr24sKCsVRABpAHMAYQBiAGwAZQAgAFcAZQBiAGMAYQBtACAATABpAGcAaAB0AHMABwMxAC4AMABBIDYAZQBkAGIAMAAzADUAOQAyADMAOAAzADQAZAAwAGEAYgBlAGUAZABlADIANQAyADgAZAAwADkAZAA4AGEAYwABAAAEBA==

  • reconnect_delay

    10000

  • registry_autostart_keyname

    Audio HD Driver

  • registry_hidden_autostart

    false

  • set_admin_flag

    false

  • tasksch_name

    Audio HD Driver

  • tasksch_request_highest_privileges

    false

  • try_other_autostart_onfail

    false

aes.plain

Signatures

  • Orcus family
    orcus
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ac96553bebcca327820b7e4b8cf980ccdecef681d93e001f2ddebd4c7d8ea043
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections