Overview

overview

10

Static

static

10

4cd8f3aeff...f5.exe

windows7-x64

10

4cd8f3aeff...f5.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4cd8f3aeff6cec01a331002b5baa5f1f91a6dae16722271adc0386038aa8baf5

  • Size

    3.0MB

  • MD5

    83363605d24638b8fc128e26fc99dbb1

  • SHA1

    b602b3a1491fd689cf1edd40c70cc6e321b40e61

  • SHA256

    4cd8f3aeff6cec01a331002b5baa5f1f91a6dae16722271adc0386038aa8baf5

  • SHA512

    aaa9fdc7ffd06d355443dda05d67bf0b74fc4b60155ca424695317ee7667de0f0b3376c959e23923337c915e89b40004498270f12a734cf29aa61dc87ff81391

  • SSDEEP

    49152:1GX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:1LHTPJg8z1mKnypSbRxo9JCm

Score
10/10
новый тегorcus

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:54431

Mutex

sudo_x3v8xi6fx6m0g9wemnk619q3sfsavd9j

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\pipegame\lowuploads.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4cd8f3aeff6cec01a331002b5baa5f1f91a6dae16722271adc0386038aa8baf5
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections