orcus | 29c34406bc0b9ae5c44474529917fd6e2177f66381131aa2ede5bfb6da334d96[.]zip

General

Target

29c34406bc0b9ae5c44474529917fd6e2177f66381131aa2ede5bfb6da334d96.zip
Size

2.6MB
MD5

f636f06e1b0627025c4b6527aa6a3c15
SHA1

6d3a292c366db88671eb9ff103610e87e3e70cc1
SHA256

aafc636bf86569098d54c01b94a582f118f16b6744925ee0b2816164526b2282
SHA512

0f3dc26e011057ee0f7b800d5076959eec11c3a87021c64f5e808b387527c585b758f8996a936c9c5ce1fc794819030919c0d9f64b5e2fe12c4c993a1f7b6b62
SSDEEP

49152:oB0DpFNItvLdQut9sZ6isNPeSu7v8Dk5bVkt2UVAArch7CfHtS20drVIxTv:oGItvNt9sZVGmR78DAVkEUfrcoHtQrkD

Score

10^/10

sln orcus

Family

orcus

Botnet

Sln

C2

193.138.195.211:10134

Mutex

eaf050d367294b239fe7db992d6ea4d7

Attributes

Orcurs Rat Executable 1 IoCs

resource	yara_rule
static1/unpack001/29c34406bc0b9ae5c44474529917fd6e2177f66381131aa2ede5bfb6da334d96.exe	orcus

Orcus main payload 1 IoCs

resource	yara_rule
static1/unpack001/29c34406bc0b9ae5c44474529917fd6e2177f66381131aa2ede5bfb6da334d96.exe	family_orcus

29c34406bc0b9ae5c44474529917fd6e2177f66381131aa2ede5bfb6da334d96.zip
.zip

Password: infected
29c34406bc0b9ae5c44474529917fd6e2177f66381131aa2ede5bfb6da334d96.exe
.exe windows x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ