General

  • Target

    d2700db3d7145017e4570a4e19aa6e44dc1a87543637e1195dbe169318c16dd0

  • Size

    922KB

  • MD5

    2f3d6c45b5c428d17471d1c4d1c066a6

  • SHA1

    ef3ae75ab3bbef79f8e56ce313f2813e096f2bb7

  • SHA256

    d2700db3d7145017e4570a4e19aa6e44dc1a87543637e1195dbe169318c16dd0

  • SHA512

    417a9fdbf7006c0b09386b75ac8ed24be44eda2a7e3263c093e0dd2eb109a2f167ac2ac8168f709c06abccee03e9de97456d03a3afa6852e278b49af1e342502

  • SSDEEP

    24576:21j4MROxnFi3xs4rrcI0AilFEvxHPuooyX:2iMioK4rrcI0AilFEvxHP

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

Blumhack

C2

192.168.1.69:10134

Mutex

92734687817a427285a117577619b55d

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Blumhack

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • d2700db3d7145017e4570a4e19aa6e44dc1a87543637e1195dbe169318c16dd0
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744