General

  • Target

    chinesespy.exe

  • Size

    903KB

  • MD5

    45b933296191359f5a8dc178c2fb5fe2

  • SHA1

    a8670c1bf5622de1d0fe26dcd7f1b48d2c98db18

  • SHA256

    b8a15311ed13113ed3f7247859db765c5034151e31ccccbc0651b43c0e9709cc

  • SHA512

    d7be0a68d3f67ecbaff1a27e44a4daa45c38e8d845c1ff4dd7b4f64b91661b35f795803c32e16923ebbc474111752fee44293876da61a5c889f033c696cd5b85

  • SSDEEP

    12288:O0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6W7BaepBwzo7dG1lFlWs:Dam4MROxnF4HrrcI0AilFEvxHPUoo1

Score
10/10

Malware Config

Extracted

Family

orcus

C2

171.113.133.41:10134

Mutex

52365d581fe14390b774a210d03d4b04

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe
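The extracted configuration above is directly usable for host and network hunting: the C2 socket, the mutex, the install path, the watchdog drop location and the persistence names are all literal values the implant uses. The following is an added example, not part of the sandbox report and not Orcus code, that turns those values into match rules and runs them over a few constructed Sysmon-style events. The event shape and field names, the drive letter used when expanding %programfiles%, and the assumption that OrcusWatchdog.exe lands directly under a user's AppData (Roaming or Local) are illustrative choices, not facts from the report. Two caveats from the config itself: autostart_method is Disable, so the Run-key value and scheduled task named Orcus may never be created by this sample (the rules are still cheap to keep for other builds), and reconnect_delay is 10000 (presumably milliseconds), so a blocked C2 will show as roughly ten-second retry attempts.

```python
import re

# Values copied from the "Malware Config" section of this report.
ORCUS_CONFIG = {
    "c2": "171.113.133.41:10134",
    "mutex": "52365d581fe14390b774a210d03d4b04",
    "install_path": r"%programfiles%\Orcus\Orcus.exe",
    "registry_keyname": "Orcus",
    "taskscheduler_taskname": "Orcus",
    "watchdog_path": r"AppData\OrcusWatchdog.exe",
}

# Common autostart locations (assumed; the report names only the value name).
RUN_KEYS = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)


def norm(path):
    """Lower-case and use backslashes so paths compare reliably."""
    return path.replace("/", "\\").lower().strip()


def expected_install_paths(cfg):
    """Expand %programfiles% to both the 64-bit and 32-bit trees (drive C: assumed)."""
    tail = norm(cfg["install_path"]).replace("%programfiles%", "")
    return {"c:\\program files" + tail, "c:\\program files (x86)" + tail}


def build_rules(cfg):
    """Map rule names to predicates over a single event dict."""
    host, port = cfg["c2"].rsplit(":", 1)
    installs = expected_install_paths(cfg)
    # Assumption: watchdog is dropped directly under AppData (Roaming or Local);
    # match on that suffix rather than on a full, user-specific path.
    watchdog_re = re.compile(r"\\appdata\\(?:roaming\\|local\\)?orcuswatchdog\.exe$")
    return {
        "orcus_c2_connect": lambda e: e.get("type") == "network_connect"
            and e.get("dst_ip") == host and str(e.get("dst_port")) == port,
        "orcus_mutex": lambda e: e.get("type") == "mutex_create"
            and e.get("name", "").lower() == cfg["mutex"],
        "orcus_install_path": lambda e: e.get("type") in ("process_create", "file_create")
            and norm(e.get("image", "")) in installs,
        "orcus_watchdog": lambda e: e.get("type") in ("process_create", "file_create")
            and bool(watchdog_re.search(norm(e.get("image", "")))),
        "orcus_run_key": lambda e: e.get("type") == "registry_set"
            and norm(e.get("key", "")) in RUN_KEYS
            and e.get("value_name", "").lower() == cfg["registry_keyname"].lower(),
        "orcus_sched_task": lambda e: e.get("type") == "task_create"
            and e.get("task_name", "").lower() == cfg["taskscheduler_taskname"].lower(),
    }


def scan(events, cfg=ORCUS_CONFIG):
    """Return (event_index, rule_name) for every event that matches a rule."""
    rules = build_rules(cfg)
    return [(i, name) for i, e in enumerate(events)
            for name, test in rules.items() if test(e)]


# Constructed Sysmon-style events for demonstration; not real telemetry.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\alice\Downloads\chinesespy.exe"},
    {"type": "file_create", "image": r"C:\Program Files\Orcus\Orcus.exe"},
    {"type": "process_create", "image": r"C:\Program Files (x86)\Orcus\Orcus.exe"},
    {"type": "file_create", "image": r"C:\Users\alice\AppData\Roaming\OrcusWatchdog.exe"},
    {"type": "mutex_create", "name": "52365d581fe14390b774a210d03d4b04"},
    {"type": "network_connect", "dst_ip": "171.113.133.41", "dst_port": 10134},
    {"type": "network_connect", "dst_ip": "171.113.133.41", "dst_port": 443},  # wrong port
    {"type": "registry_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value_name": "Orcus"},
    {"type": "task_create", "task_name": "Orcus"},
    {"type": "process_create", "image": r"C:\Program Files\Orcus\Orcus.exe.bak"},  # near miss
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

Feeding real telemetry means mapping your EDR or Sysmon fields onto the `type`, `image`, `dst_ip`, `dst_port`, `key`, `value_name`, `task_name` and `name` keys used here; the rule predicates themselves only depend on the values in the report.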

Signatures

  • Orcus RAT Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • chinesespy.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

