General

  • Target

    de86b5e62621b9db58d580e0731f4abb94fc7f69ab76c8d8792f975b1a2fba94

  • Size

    3.0MB

  • MD5

    81da286f744b8b39222a5c3001d764b0

  • SHA1

    54b03a729395f80a14972d121f11502815dbb024

  • SHA256

    de86b5e62621b9db58d580e0731f4abb94fc7f69ab76c8d8792f975b1a2fba94

  • SHA512

    f96a172431b7d023efad3067a9ae0d0ab72393e14741b04ab70eec58af474f0e5ba102477bdf47a3b7b4c10f035fbcd717dc36a1a7a7002a8c1898aec238dfb0

  • SSDEEP

    49152:Y1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:YUHTPJg8z1mKnypSbRxo9JCm

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

psivda

C2

31.44.184.52:13642

Mutex

sudo_f4bis604zz3qqkj97uqtufxsydx7puo3

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\dle_private\generatordatalife.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • de86b5e62621b9db58d580e0731f4abb94fc7f69ab76c8d8792f975b1a2fba94
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

