Overview

overview

10

Static

static

10

cf14723aad...b3.exe

windows7-x64

10

cf14723aad...b3.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    cf14723aadf2fa09f5c07e86dfb0eccb0a7141d5adcc301448d33e7c8fc611b3

  • Size

    3.0MB

  • MD5

    e3c68f12cc54598d8bd3636d01049707

  • SHA1

    a24393e5a072b58a55dfa320dd5ea9b796526377

  • SHA256

    cf14723aadf2fa09f5c07e86dfb0eccb0a7141d5adcc301448d33e7c8fc611b3

  • SHA512

    8f247eb003f79bc95282dcea676b8c27160bbf99ef5a451464c023c38aaa8c48b03835c11adcb5a7aa7f866465249d55a2243246ca79d870aae8782df1a925de

  • SSDEEP

    49152:LGX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:LLHTPJg8z1mKnypSbRxo9JCm

Score
10/10
aimwaveorcus

Malware Config

Extracted

Family

orcus

Botnet

AIMWAVE

C2

31.44.184.52:36598

Mutex

sudo_jyykaaoqclaz25b6i5azpm5r3711r86p

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\flowersecure\processimage.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • cf14723aadf2fa09f5c07e86dfb0eccb0a7141d5adcc301448d33e7c8fc611b3
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections