General
-
Target
8cbde96ada607b270b1ca1bd725c946f_JaffaCakes118
-
Size
905KB
-
MD5
8cbde96ada607b270b1ca1bd725c946f
-
SHA1
29d7cd4c3dfb7d63e169f87053ae73f6ebf4b449
-
SHA256
88f1963ba61b31fd9c2fb7b604867bc3d04552dead616f6ebb63945014df16ba
-
SHA512
f46348214286f34535cb3f27e31f7dfc01b6666a2940b60ca6c203c18e368fb77e0fa3b6b104e379aa66d40a0a6407b2bf7a8afedac7dfe838daf256d1d98363
-
SSDEEP
24576:ZKa4MROxnF0ptJSRrrcI0AilFEvxHPRtoo3:ZOMiSTSRrrcI0AilFEvxHP
Score
10/10
Malware Config
Extracted
Family
orcus
C2
eta.ne.virus.ne.trogaj.mena.kstati.putinso.site:3232
Mutex
3798ee9268c5481cb713c259a2b2a0d2
Attributes
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%appdata%\regedit.exe
-
reconnect_delay
10000
-
registry_keyname
Disc0rd
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
8cbde96ada607b270b1ca1bd725c946f_JaffaCakes118
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections