General

  • Target

    29a70c77d461b68314382ed070ddd78d2400d7ac5bddcbede267b96ffc9532d2

  • Size

    3.0MB

  • MD5

    f2b089bd630f90d61043bdc2030bb7c6

  • SHA1

    38cf3634eab35b848ef55e7316b96af1c4b25b25

  • SHA256

    29a70c77d461b68314382ed070ddd78d2400d7ac5bddcbede267b96ffc9532d2

  • SHA512

    d010af454bd548cb4aae1f0ef5108f0cb0186183842ff37200ada6c156c9a1bd9478e3b0b008e6f647cdec20ac805a34ea7c39669bd31db7b9777f52b69ae921

  • SSDEEP

    49152:4s7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpau/nRFfjI7L0qb:4sHTPJg8z1mKnypSbRxo9JCm

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

xd

C2

31.44.184.52:43660

Mutex

sudo_t61i190retit4wubnj3gfe60k604d9dj

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\Chrome\update.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 29a70c77d461b68314382ed070ddd78d2400d7ac5bddcbede267b96ffc9532d2
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
