General

  • Target

    123.exe

  • Size

    846KB

  • MD5

    5791306a6d85166a28c4a678ed473691

  • SHA1

    bca4557e4cd3f7fece5c44cb81dfe91dc781f880

  • SHA256

    db01ee3d2bd504fc4f03cbdf1a2d5eb61f2b59bb1bb19ca66cacf29e39e2f294

  • SHA512

    6e7aa7d3b79dea99faef818f5c4d05b8bb2802eb123ac1bcc6c67d22b24d95aaaf7e939d7a771751ed2fc3c866ca76bcf15e1ed7f229e4c89c4cc77a93b70766

  • SSDEEP

    24576:cItS04YNEMuExDiU6E5R9s8xY/2l/ddSIbt+rS:cI/4auS+UjfU2T0Ibt+r

Score
10/10

Malware Config

Extracted

Family

orcus

C2

147.185.221.16

1tool-closes.gl.at.ply.gg

Mutex

0cfe3edb80da4dba8e916709b1465163

Attributes
  • administration_rights_required

    false

  • anti_debugger

    false

  • anti_tcp_analyzer

    false

  • antivm

    false

  • autostart_method

    1

  • change_creation_date

    false

  • force_installer_administrator_privileges

    false

  • hide_file

    false

  • install

    false

  • installation_folder

    %appdata%\Microsoft\Speech\AudioDriver.exe

  • installservice

    false

  • keylogger_enabled

    false

  • newcreationdate

    03/06/2025 19:52:41

  • plugins

    AgUFyfihswTdIPqEArukcmEdSF06Hw9CAFMAbwBEACAAUAByAG8AdABlAGMAdABpAG8AbgAHAzEALgAwAEEgZgA4ADcAYgBlADMAMAAyADQAMwAzADIANABmADcAYQA5ADQAZAA3AGQANQBjADEAMwA3ADcAZQBlADQANwAwAAEFl6aNkQPXkQKOmwKLvFcpr24sKCsVRABpAHMAYQBiAGwAZQAgAFcAZQBiAGMAYQBtACAATABpAGcAaAB0AHMABwMxAC4AMABBIDQAMgAxAGIAYwAwADEAYgBmADIANQAwADQANgA3ADAAYgAzADMAZABmAGYANgAzAGEAZQBlADMAYQBlAGUAOAABAAAEBA==

  • reconnect_delay

    10000

  • registry_autostart_keyname

    Audio HD Driver

  • registry_hidden_autostart

    false

  • set_admin_flag

    false

  • tasksch_name

    Audio HD Driver

  • tasksch_request_highest_privileges

    false

  • try_other_autostart_onfail

    false

aes.plain
1
CrackedByWardow

Signatures

  • Orcus family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 123.exe
    .exe windows:4 windows x86 arch:x86

    Password: 123

    f34d5f2d4577ed6d9ceec516c1f5a744


