General
-
Target
Wave Trial.rar
-
Size
2.6MB
-
Sample
240728-mzwk2axanh
-
MD5
f7bcc908772165281729d580dfac1e93
-
SHA1
9ad85f734e6acff16e2a6a091ca7ae91f91ce09b
-
SHA256
85bb2863655f93c060cdc223b65cf74bfc36ec3b168c9b276fff281c5de2f952
-
SHA512
1bf46f1c39e81aaf0508346b10f55c0856c62bc5802a5de384a60e266462721ccbd9662610889bacde1e1d5e841f311fac142059986533942a0a3e47a39ff90d
-
SSDEEP
49152:r4dFx1VbyuWNMUYDFoF2VR/pjoP5eDwPL3snpl82XP9tf3YGxDszrW5FdohxpEC:01EuBDFoFajoP+4MpC2/TAGxD24nSpEC
Malware Config
Extracted
orcus
Wave
31.44.184.52:15288
sudo_76v3ne68zd8b3j6xeaptqbdkmamvwu08
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%appdata%\securedatalifeasync\universal_.exe
-
reconnect_delay
10000
-
registry_keyname
Sudik
-
taskscheduler_taskname
sudik
-
watchdog_path
AppData\aga.exe
Targets
-
-
Target
Wave.exe
-
Size
3.0MB
-
MD5
df016abe8bfe2653c1dca38309260358
-
SHA1
253c95a2b7f13d39b9a03ba9a52785258e439340
-
SHA256
328b42682ffc73069ed31d0a9360aaf75e756cc2e51a280ef9849b9e836a990d
-
SHA512
3fcb697b369444ff62c84dd7b562f685b035e87ed9beab9c603bb2c35d03d57db7f28d1ccc8ed2ffaf606802fc6e3a4e1535f627d9fe8e0a68514f27219762ec
-
SSDEEP
49152:B1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:BUHTPJg8z1mKnypSbRxo9JCm
-
Orcus main payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Orcurs Rat Executable
-
Executes dropped EXE
-
Suspicious use of SetThreadContext
-