Overview

overview

10

Static

static

10

1bc223aed3...cc.exe

windows7-x64

10

1bc223aed3...cc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bc223aed315349c64f11e2c1b82c51ac13b270919a48bf8e799ae1bd45b17cc

  • Size

    1.1MB

  • MD5

    b03ab8a74cf59fc472a4789bf8140c7f

  • SHA1

    90ca9a977bd349a589c539511b5ccfe2387169c0

  • SHA256

    1bc223aed315349c64f11e2c1b82c51ac13b270919a48bf8e799ae1bd45b17cc

  • SHA512

    d2d3e0b5e7a6f7358ace03d2ede2535ad5e5c7b68f8ce6a0112a0a2715850146f5d724f0f3824653724831bcb3c45587b6c79ad7765011cdefc85cdb0e55d321

  • SSDEEP

    24576:91j4MROxnFE3FO3FrrcI0AilFEvxHPgWooLtW6pXcWSE+:9iMiuKFrrcI0AilFEvxHPg96VcWS

Score
10/10
in silenceorcus

Malware Config

Extracted

Family

orcus

Botnet

In Silence

C2

192.168.1.69:10134

Mutex

a7fb4837861d40698b4e9e27bd20daa7

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    In Silence

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 1bc223aed315349c64f11e2c1b82c51ac13b270919a48bf8e799ae1bd45b17cc
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections