Resubmissions

16/06/2024, 16:01 UTC

240616-tgan6stdpl 6

16/06/2024, 15:46 UTC

240616-s7tz3atarn 8

Analysis

  • max time kernel
    514s
  • max time network
    525s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    16/06/2024, 16:01 UTC

General

  • Target

    Orbit.exe

  • Size

    2.0MB

  • MD5

    5de2a10bbf43eea7059747b139f9f728

  • SHA1

    ee56319da9bb880fcc369002c2c628c76910d38a

  • SHA256

    e3b1599e3ec5862347b24336ca0e228d45a0becb6f6da45f619dd8e03e75854a

  • SHA512

    c206193015d0c663f737b421f77438ff4a62bc4d7cf5016b86a3632ed0ba0f48df6c0ac4e7929fb9f89d37a302ac744c2a0e289c9e669a75537fdd0d4fa8a902

  • SSDEEP

    49152:oKn5Sz1xoQrp2OJChuMb14Z+cjDvkui9XZlXR0RcEnAUwn:W/Nr8py+cjDvkui9XHXmREUwn

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Orbit.exe
    "C:\Users\Admin\AppData\Local\Temp\Orbit.exe"
    1⤵
      PID:1564

    Network

    • flag-us
      DNS
      raw.githubusercontent.com
      Orbit.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
    • flag-us
      DNS
      raw.githubusercontent.com
      Orbit.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
    • flag-us
      DNS
      raw.githubusercontent.com
      Orbit.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
    • flag-us
      DNS
      raw.githubusercontent.com
      Orbit.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
    • flag-us
      DNS
      raw.githubusercontent.com
      Orbit.exe
      Remote address:
      8.8.8.8:53
      Request
      raw.githubusercontent.com
      IN A
    • 127.0.0.1:49728
      Orbit.exe
    • 52.111.229.48:443
      322 B
      7
    • 8.8.8.8:53
      raw.githubusercontent.com
      dns
      Orbit.exe
      355 B
      5

      DNS Request

      raw.githubusercontent.com

      DNS Request

      raw.githubusercontent.com

      DNS Request

      raw.githubusercontent.com

      DNS Request

      raw.githubusercontent.com

      DNS Request

      raw.githubusercontent.com

    MITRE ATT&CK Enterprise v15
