Tasks (score, sample, environment)
Overview
Static: score 10
Orion Keyl...PI.dll, windows7_x64: score 1
Orion Keyl...PI.dll, windows10-2004_x64: score 1
Orion Keyl...me.dll, windows7_x64: score 1
Orion Keyl...me.dll, windows10-2004_x64: score 1
Orion Keyl...ol.exe, windows7_x64: score 1
Orion Keyl...ol.exe, windows10-2004_x64: score 10
Orion Keyl...or.dll, windows7_x64: score 10
Orion Keyl...or.dll, windows10-2004_x64: score 1
Orion Keyl...UI.dll, windows7_x64: score 1
Orion Keyl...UI.dll, windows10-2004_x64: score 1
Orion Keyl...il.dll, windows7_x64: score 1
Orion Keyl...il.dll, windows10-2004_x64: score 1
Orion Keyl...on.dll, windows7_x64: score 1
Orion Keyl...on.dll, windows10-2004_x64: score 1
Orion Keyl...r2.exe, windows7_x64: score 1
Orion Keyl...r2.exe, windows10-2004_x64: score 1
Orion Keyl...ng.dll, windows7_x64: score 1
Orion Keyl...ng.dll, windows10-2004_x64: score 1
Orion Keyl...UI.dll, windows7_x64: score 1
Orion Keyl...UI.dll, windows10-2004_x64: score 1
Orion Keyl...lt.dll, windows7_x64: score 1
Orion Keyl...lt.dll, windows10-2004_x64: score 1
General (score 3)
Target: 8f25770adfb0401fc602c1e21067f3b5756a40b68b582f9e495708b8366cca03
Size: 1.4MB
Sample: 220612-mccjmsggcl
MD5: a91cf1bf6927737e7f4d5ce1c50c4a55
SHA1: e67239f97dbcf6763588c9e5669228d3c081240f
SHA256: 8f25770adfb0401fc602c1e21067f3b5756a40b68b582f9e495708b8366cca03
SHA512: e4a9558cd49eedd8ea675463b423dcd2736f9e9767c80facdae59e187b06ee5f8d8c2e41037d4ff4ed4658181736efd7386b2bfa320863cf5b8b9019b38280f8
Static task: static1
Behavioral task behavioral1: Orion Keylogger 2.1 crcked/961API.dll (resource win7-20220414-en)
Behavioral task behavioral2: Orion Keylogger 2.1 crcked/961API.dll (resource win10v2004-20220414-en)
Behavioral task behavioral3: Orion Keylogger 2.1 crcked/Booya Theme.dll (resource win7-20220414-en)
Behavioral task behavioral4: Orion Keylogger 2.1 crcked/Booya Theme.dll (resource win10v2004-20220414-en)
Behavioral task behavioral5: Orion Keylogger 2.1 crcked/Cure Tool.exe (resource win7-20220414-en)
Behavioral task behavioral6: Orion Keylogger 2.1 crcked/Cure Tool.exe (resource win10v2004-20220414-en)
Behavioral task behavioral7: Orion Keylogger 2.1 crcked/KeikoObfuscator.dll (resource win7-20220414-en)
Behavioral task behavioral8: Orion Keylogger 2.1 crcked/KeikoObfuscator.dll (resource win10v2004-20220414-en)
Behavioral task behavioral9: Orion Keylogger 2.1 crcked/MintUI.dll (resource win7-20220414-en)
Behavioral task behavioral10: Orion Keylogger 2.1 crcked/MintUI.dll (resource win10v2004-20220414-en)
Behavioral task behavioral11: Orion Keylogger 2.1 crcked/Mono.Cecil.dll (resource win7-20220414-en)
Behavioral task behavioral12: Orion Keylogger 2.1 crcked/Mono.Cecil.dll (resource win10v2004-20220414-en)
Behavioral task behavioral13: Orion Keylogger 2.1 crcked/Newtonsoft.Json.dll (resource win7-20220414-en)
Behavioral task behavioral14: Orion Keylogger 2.1 crcked/Newtonsoft.Json.dll (resource win10v2004-20220414-en)
Behavioral task behavioral15: Orion Keylogger 2.1 crcked/Orion Keylogger2.exe (resource win7-20220414-en)
Behavioral task behavioral16: Orion Keylogger 2.1 crcked/Orion Keylogger2.exe (resource win10v2004-20220414-en)
Behavioral task behavioral17: Orion Keylogger 2.1 crcked/Ranger.BrowserLogging.dll (resource win7-20220414-en)
Behavioral task behavioral18: Orion Keylogger 2.1 crcked/Ranger.BrowserLogging.dll (resource win10v2004-20220414-en)
Behavioral task behavioral19: Orion Keylogger 2.1 crcked/RedPandaUI.dll (resource win7-20220414-en)
Behavioral task behavioral20: Orion Keylogger 2.1 crcked/RedPandaUI.dll (resource win10v2004-20220414-en)
Behavioral task behavioral21: Orion Keylogger 2.1 crcked/ranger.browserlogging.vault.dll (resource win7-20220414-en)
Behavioral task behavioral22: Orion Keylogger 2.1 crcked/ranger.browserlogging.vault.dll (resource win10v2004-20220414-en)
Malware Config
Extracted: limerat
1d15EibWVaZg8KADH1wR5phqhtyhbbdCc
aes_key: batata1
antivm: true
c2_url: https://pastebin.com/raw/hqkeiAWx
delay: 3
download_payload: false
install: true
install_name: twvrsvc.exe
main_folder: AppData
pin_spread: false
sub_folder: \TeamViewer\
usb_spread: true
Targets

Target: Orion Keylogger 2.1 crcked/961API.dll
Size: 18KB
MD5: 5f02810707b72bac26cf2b0da83e0335
SHA1: 76410d5b3057ff11865b0fc723df2ca543b3bd86
SHA256: 4faa5cbe75f96afb5dbbde84c0e5011f0d1f9c06240fb0361a185921b1676e31
SHA512: c44683b3e29fecc807ce28ca6bc9468ff4f6e6c827b5fabfde5c67f708cd997d5fa1004759bece41b441de40a8022611b4c56e0a688eb3a9bf125b6b920b9d1e
Score: 1/10

Target: Orion Keylogger 2.1 crcked/Booya Theme.dll
Size: 211KB
MD5: 1230bb7cc6a5979af5bfa54b3cbf3c05
SHA1: 172e6e8f392ba8593f9553eaa9be3617e878de55
SHA256: 1f6d1f6ea18fa5d477ac6bfe7f4aa32eff97f788d02ef02d2698502099a7eac8
SHA512: f85c630c888e51c434b40fdf3d7ed304a946db3b6618387025984068bc17d5741f57f443b48263fad3fcedfa48377c31a84c90db786b3d7b43d2735765c85770
Score: 1/10

Target: Orion Keylogger 2.1 crcked/Cure Tool.exe
Size: 61KB
MD5: bb2de5629dfeb812b45fb00a6fbadf4e
SHA1: e3a3642264eae88eba72c67933057f2dfc2dd2b6
SHA256: fc790cea14d04d9090ab085b585a8017ad469ebbce5c9d29c8d877ccf9e3efbf
SHA512: 3d3a250e9c6ca842daf90d9b666796dc7e8cebce83ed3ab972db052f60fc70418c7aa3f45f45b0ab61f63e7621d147620f20734bc8556e6d614c49abb7eba28d
Signatures:
- Executes dropped EXE
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry: disk information is often read in order to detect sandboxing environments.

Target: Orion Keylogger 2.1 crcked/KeikoObfuscator.dll
Size: 25KB
MD5: 4c3c8964a7da9778ce4a43edc1598d90
SHA1: e731ad6b55d0e795f18170e76bc48307d4d11e0e
SHA256: 88278312b79d042f340814ec031f83b3b50c76bef62d2de376f581205956a509
SHA512: 528be968faedd8c5628a7e73d448c32456afece374abea0c01a835a8c0058ccebb38735d05d7458287593716569bfecefa51a06215f8d182b28cf89f2a1cc7e3
Score: 1/10

Target: Orion Keylogger 2.1 crcked/MintUI.dll
Size: 86KB
MD5: a9c6542147b7ade88d6fdc6529819a86
SHA1: e73959bbfd70be8d416bf935de15a2b77bf5bbb0
SHA256: ca8b786eca2ffbfd5567c3be3084d0d54df27dad26181719ce4dbbfb659fb75e
SHA512: 797cfa555727f921f9e6f3337a4dcd75368b01d00bdc157039e9c66483f69bb2177ae754a9f22a71ef7f4fe78c8f3b2adc92df4f01cc6a7ce753a51d82b7ae17
Score: 1/10

Target: Orion Keylogger 2.1 crcked/Mono.Cecil.dll
Size: 301KB
MD5: a9c1eea90bca2e1971fba535e1916e5d
SHA1: 51a49d36c3373c9236adb1900745cd66894d14a1
SHA256: 659e04c5dd62888b6ed6fe8413b9d2d55dece0e6e4964929e661372a3d9b2538
SHA512: 1144a1246d734e7143eac1ef1be95b43ab8f031865236d317f28ce35e73552be43c871bd912d24c58a42fecf0821aad4e33198b2f1ce8db734460a8f7c384749
Score: 1/10

Target: Orion Keylogger 2.1 crcked/Newtonsoft.Json.dll
Size: 638KB
MD5: f33cbe589b769956284868104686cc2d
SHA1: 2fb0be100de03680fc4309c9fa5a29e69397a980
SHA256: 973fd70ce48e5ac433a101b42871680c51e2feba2aeec3d400dea4115af3a278
SHA512: ffd65f6487bc71c967abcf90a666080c67b8db010d5282d2060c9d87a9828519a14f5d3a6fe76d81e1d3251c2104a2e9e6186af0effd5f331b1342682811ebf4
Score: 1/10

Target: Orion Keylogger 2.1 crcked/Orion Keylogger2.exe
Size: 1.1MB
MD5: b833cebbda9fdf4dbf8db5f3e91eb506
SHA1: 80ec01247220a5008ce51e3403d86910d8cfd258
SHA256: 7e58e0627e7359aaf2dcae8bcc821a83c97c7c560c539c1c8f186bdff67d6bfb
SHA512: 3efeebd5eb00936fe9114307f205dad8f64bc840a529441abc32c4c6d20a80dea9c9e5c3aaa72ecc358425565fe8b7cd61239397e4c2cc58c68a9e1b6d55818c
Score: 1/10

Target: Orion Keylogger 2.1 crcked/Ranger.BrowserLogging.dll
Size: 264KB
MD5: e38908149f2825b604f7d8f2d91194ca
SHA1: ef33fce1e15fae423e0baf8ca1e331b691da794b
SHA256: 71caaaaa2cd513485f1d5901090ef022c943185f9f53713123af9c6c5f24a22d
SHA512: 6b4061cdae7522ae2bdaecdd9ca596972bbf7e728de0082804cd35939a15d014fafd52d8860e9d1108c8ea30209028e32734e22a3eabc4ff88466956c2fcc735
Score: 1/10

Target: Orion Keylogger 2.1 crcked/RedPandaUI.dll
Size: 36KB
MD5: 8346fde589de3ceeeaab8f8100b3928f
SHA1: 4140a38bc0c1c459128076a59c2d52ae400cf954
SHA256: 136b11772e6b27cb85f0199316961767f10ea8a4f8095b9568919384b9ff8f07
SHA512: 73f6503261b4e640343a39d1d800890b1a47ba434b6387a329f0b217ac7c900e73bee4640508c86c888a903c665e8be92bdda627248fb909859b67f01b25df54
Score: 1/10

Target: Orion Keylogger 2.1 crcked/ranger.browserlogging.vault.dll
Size: 197KB
MD5: 203a65f044e610957503bef112566e87
SHA1: 8786f041ae5cb0a0180b2f069675a9e3c11aaba0
SHA256: 4d8fd614baa65b40ead4225faff90a38d5a0f7fdb166abb09778b5255c8576b4
SHA512: 39bde611a8cfe0332938134d190cb424e20546936dee6185edaaad63b5618b686c81d04f20bade36fae7ff8fdcce4e2a911934f29bb661e0654a09fefc193065
Score: 3/10