General

  • Target

    4d37adf0c3bdb82bca83335523ff532318e6b99a3c6feabbdd117bcf41d23b79

  • Size

    3.0MB

  • MD5

    a799040cfc26714b653950f418cc3359

  • SHA1

    3c944bf11d495c0cd7bee4e8dbc9515bea44b94c

  • SHA256

    4d37adf0c3bdb82bca83335523ff532318e6b99a3c6feabbdd117bcf41d23b79

  • SHA512

    591c5537397a2f8e93cd16911ef94fd7adaf682851f1d21dc8e39d7b43dbdf661ed0c441fd11ec620d55dff4dcdf9c110d3c162b4f0cee080a3f7178122a50c6

  • SSDEEP

    49152:Cs7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpau/nRFfjI7L0qb:CsHTPJg8z1mKnypSbRxo9JCm

Score

10/10

Malware Config

Extracted

Family

orcus

Botnet

voznya

C2

31.44.184.52:29613

Mutex

sudo_bk0dxk6ankr3vxmczlddfhmsclecfrf2

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    C:\a\generatorhttp\wpuniversal.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 4d37adf0c3bdb82bca83335523ff532318e6b99a3c6feabbdd117bcf41d23b79
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744