General

  • Target

    5a7e4eb21012621383ec2a556e63202d42334c02da350c1eaa7af7d1c9088691

  • Size

    3.0MB

  • MD5

    f210202bfa18db14c6ec346037e4cb64

  • SHA1

    be0a794a92753d152eebf2c9478da14156d1084f

  • SHA256

    5a7e4eb21012621383ec2a556e63202d42334c02da350c1eaa7af7d1c9088691

  • SHA512

    a6b5d64679a0a52a1357ae23890ee324788c2fedfcb03059f9d083ae423df060a93983053a277a3f577b296821754596cd0b876d160a309b888569cde738a49d

  • SSDEEP

    49152:Y1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:YUHTPJg8z1mKnypSbRxo9JCm

Malware Config

Extracted

Family

orcus

Botnet

Новый тег (Russian for "New tag"; the value is kept as extracted)

C2

31.44.184.52:23303

Mutex

sudo_ofcp37vv54izlwrf1h65z8l5gj4mqi71

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\toprocessorcdn\local_.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe
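The indicators above, turned into a small host- and network-hunting script. This is an added example written for this page, not code from the sandbox or from the Orcus project. The connection-log line format, the host snapshot (Run values, task names, file paths, mutex names) and every log line are constructed for the example; the `%appdata%` base directory is supplied by the caller, and the watchdog path is matched by suffix because the config gives it relative to an unstated base. Since `autostart_method` is `Disable`, the Run value and scheduled task may be absent on an infected host, so the mutex, install path and C2 traffic are the more reliable indicators.

```python
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "f210202bfa18db14c6ec346037e4cb64",
    "sha1": "be0a794a92753d152eebf2c9478da14156d1084f",
    "sha256": "5a7e4eb21012621383ec2a556e63202d42334c02da350c1eaa7af7d1c9088691",
    "sha512": "a6b5d64679a0a52a1357ae23890ee324788c2fedfcb03059f9d083ae423df060"
              "a93983053a277a3f577b296821754596cd0b876d160a309b888569cde738a49d",
}
C2_HOST, C2_PORT = "31.44.184.52", 23303
MUTEX = "sudo_ofcp37vv54izlwrf1h65z8l5gj4mqi71"
INSTALL_PATH = r"%appdata%\toprocessorcdn\local_.exe"
WATCHDOG_PATH = r"AppData\aga.exe"        # relative in the config; base dir not stated
REGISTRY_KEYNAME = "Sudik"
TASK_NAME = "sudik"


def hash_sample(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists over the given file bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hashes_match_report(data: bytes) -> bool:
    """True only if all four digests match; a truncated or re-packed file fails."""
    return hash_sample(data) == REPORT_HASHES


def expand_install_path(appdata_dir: str) -> str:
    """Resolve the %appdata% token as Windows would (case-insensitively)."""
    return re.sub(r"%appdata%", lambda _: appdata_dir, INSTALL_PATH, flags=re.IGNORECASE)


# Constructed connection-log lines for the example (not from the report):
# "<ts> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>".
SAMPLE_CONN_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5:51234 -> 203.0.113.10:443 tcp
2024-05-01T10:00:07Z 10.0.0.5:51240 -> 31.44.184.52:23303 tcp
2024-05-01T10:00:17Z 10.0.0.5:51241 -> 31.44.184.52:23303 tcp
2024-05-01T10:01:02Z 10.0.0.9:49152 -> 31.44.184.52:8080 tcp
"""
CONN_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def find_c2_connections(lines: Iterable[str]) -> List[dict]:
    """Return every connection to the C2 host; 'exact' marks the configured port.
    Repeated hits about 10 s apart from one source fit reconnect_delay=10000 ms."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if not m:
            continue
        ts, src, _sport, dst, dport, _proto = m.groups()
        if dst == C2_HOST:
            hits.append({"ts": ts, "src": src, "dport": int(dport),
                         "exact": int(dport) == C2_PORT})
    return hits


def match_host_artifacts(appdata_dir: str, run_values: Iterable[str],
                         task_names: Iterable[str], file_paths: Iterable[str],
                         mutex_names: Iterable[str]) -> List[str]:
    """Compare a host snapshot (supplied by the caller) against the config.
    Registry value, task and file names are compared case-insensitively as on
    Windows; mutex names are case-sensitive kernel object names."""
    hits = []
    if any(v.casefold() == REGISTRY_KEYNAME.casefold() for v in run_values):
        hits.append("registry_run_value:" + REGISTRY_KEYNAME)
    if any(t.casefold() == TASK_NAME.casefold() for t in task_names):
        hits.append("scheduled_task:" + TASK_NAME)
    install = expand_install_path(appdata_dir).casefold()
    watchdog_suffix = ("\\" + WATCHDOG_PATH).casefold()
    for path in file_paths:
        if path.casefold() == install:
            hits.append("install_path:" + path)
        elif path.casefold().endswith(watchdog_suffix):
            hits.append("watchdog_path:" + path)
    if MUTEX in set(mutex_names):
        hits.append("mutex:" + MUTEX)
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG.splitlines()):
        print("C2 connection:", hit)
    print("host artifacts:", match_host_artifacts(
        r"C:\Users\alice\AppData\Roaming",
        run_values=["OneDrive", "sudik"], task_names=["SUDIK"],
        file_paths=[r"C:\Users\alice\AppData\Roaming\toprocessorcdn\local_.exe",
                    r"C:\Users\alice\AppData\aga.exe"],
        mutex_names={MUTEX}))
```

A connection to 31.44.184.52 on a port other than 23303 is still reported (with `exact` false) because a rebuilt sample can keep the host and change the port; treat it as a lead, not a confirmed hit.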

Signatures

  • Orcus RAT Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5a7e4eb21012621383ec2a556e63202d42334c02da350c1eaa7af7d1c9088691
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744 (note: this MD5 differs from the target MD5 listed under General)
