General

  • Target

    0x000b00000001224f-67.dat

  • Size

    3.1MB

  • MD5

    c947802e4ff7646d3dcfa28fa3a9f47b

  • SHA1

    7d2b692d73ec80ab9c32480bf0a728438cc2862f

  • SHA256

    d2a76383575f395bb84b0df4a5a00da8882bfe6f4f0efee14abf6831ff35631b

  • SHA512

    bc86c4261a19db626d92785a91fa17fc6dcab6b84c729b19ca95827133dd81636f0ab9ec24dc824c31b207d6b42ebfd81383c0c9112c1672aa50a1f3cfa78593

  • SSDEEP

    49152:rvVL5ImQZKMFgZOhE5uagzHMubU6a+xzFUh4gDFAypQxbJZSo9JnCmPfMLnRFf2z:LImXUWdcb3Q6abh4ZypSbJgo9JCmk

Malware Config

Extracted

  • Family

    orcus

  • Botnet

    Новый тег

  • C2

    128.59.46.185:20954

  • Mutex

    sudo_t5h71vhdjlc15uv100unb79v0m48rb0o

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\securepipeasync\lineline.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 0x000b00000001224f-67.dat
    .exe windows x64