Resubmissions

01/04/2023, 14:08

230401-rfvlvaae29 7

General

  • Target

    ORIONX-FUD-CRYPTER-main.zip

  • Size

    63.1MB

  • Sample

    230401-rfvlvaae29

  • MD5

    c7c027aa5c367e3d4e97a3d9c375f05b

  • SHA1

    f9e9654a5df75bfe44f46448fc2af88077bed096

  • SHA256

    457d8bf10acb728a8a930c69e36097468ce7f66470bf228f1ed05028fb380590

  • SHA512

    32cbee2284d5048257c30d103e3538b3bc3485040527a0f55584c025fb0e90b3e4c5debdc850ecfc2c8bfedd1c73eaf67c6311039f296c6b162aba5656ef5580

  • SSDEEP

    1572864:g6LmvYw9nyfogTrPrGQQVQZlpfjhXhNX7oIeyKRNSl:vLmvBTuKlQt9RNXQyKRK

Malware Config

Targets

    • Target

      ORIONX-FUD-CRYPTER-main/ORIONX FUD CRYPTER.exe

    • Size

      8.6MB

    • MD5

      81ea598f0d65a44e4c3bbb2c071350b6

    • SHA1

      bf6cca08f337875691871bb4daa86746b2014a2d

    • SHA256

      6c63c28f9c7e4d824db6a1c2b076b30498f3d90c73ff27a29edab3819f39e454

    • SHA512

      15cdaceb59593c172375fa670a6b808273ee26468deb239a810163b3b2268be9c45fadd8503b798dc59f900c38fca6415f2081e16a12a569dd09f8adeef1f37d

    • SSDEEP

      196608:GIYUxbAQ5Itwq+ZkiKDIN/1q3+dgSux0vtk0W8/LaK1:5bx2aq+ZkFMq3+d9ux0lDW8

    • Score

      7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      ORIONX-FUD-CRYPTER-main/main/sys/sys_stub.exe

    • Size

      55.0MB

    • MD5

      5fcea5af302afdd378c944c42d9638d9

    • SHA1

      0025c7b095c40e4ac18094dcfcd53db4ef395803

    • SHA256

      42bee116877b44ec74589b7fe56670e27c8b991de437d01445f4f41f6749e0b7

    • SHA512

      0abfcd9d002cd3a8213c56b8e7e7b01baa5cfb192ce5b78df4a14c73da4e28d76bae5d271f4c2cf6cc479a956bf31fbc0a83598b1cfd7a75f97e4dc8b5aa6c8b

    • SSDEEP

      786432:4e3xWMupvFOdnGpl7bzVw2cksqgDhkQ7GTcCLLsbQRXzehKIL3lYVsiAqoK67CkF:4e3x0v0wphpteaZRXzeAs347s7CkKlc

    • Score

      7/10
    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar secrets.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks