General
-
Target
7076a4830f2294b3f5ed5f695a6809bf30d2532fe768a579e8a13d6ed90d957a
-
Size
917KB
-
MD5
b89e484260d55420abd2837adf1fbb5e
-
SHA1
25f5e70c144f9bf3383892104c82f7382f824424
-
SHA256
7076a4830f2294b3f5ed5f695a6809bf30d2532fe768a579e8a13d6ed90d957a
-
SHA512
983f3116111a999f316d494a7db538e6f9a2f2f2fa811fb08e28628a435876e7c52577f2998f3e700599d128c95f4afa189e117f3cda7003694de65a423c2952
-
SSDEEP
24576:+554MROxnFD3cw8XlrrcI0AilFEvxHPhCoog:+QMiJArrcI0AilFEvxHP
Score
10/10
Malware Config
Extracted
Family
orcus
C2
selected-prove.gl.at.ply.gg:23398
Mutex
607dffe61a7d4757a14c10330fc5e802
Attributes
-
autostart_method
TaskScheduler
-
enable_keylogger
false
-
install_path
%programfiles%\Microsoft\Edge\Application\msupdate.exe
-
reconnect_delay
10000
-
registry_keyname
Microsoft Edgde Updater
-
taskscheduler_taskname
Microsoft Edge Runtime
-
watchdog_path
Temp\ALKI@#PI!J)PRa)(r.exe
Signatures
-
Orcurs Rat Executable 1 IoCs
-
Orcus family
-
Orcus main payload 1 IoCs
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
7076a4830f2294b3f5ed5f695a6809bf30d2532fe768a579e8a13d6ed90d957a
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections