General

  • Target: malware.zip
  • Size: 67.1MB
  • MD5: 5831c1c7848b567fb490d52f2a637aae
  • SHA1: 0694c40385ea45b63f7240083ea5d4654f1f9f35
  • SHA256: 555e1ab0aae170b009d8a3086a6d2ee760bb3f67cbc58cb79625813eada20482
  • SHA512: f1c532934b54e7b372fe2c0d24b0babbfa8943924edaec09f7be7cb45513b04129f8d6b02d9169e35f0d6a327d5d2575670ac6ed4c78e8c69f85d670cc1f64a9
  • SSDEEP: 1572864:2RQIOrBs+1/LCU0rB/LturQjrV+YS0eEAwQelsGEpgvnzD/Zmm/3u6Cwxj2TWO9C:2YBs+V0rFLtureVg0jFmz8nfhl/3u6CW

Score: 9/10

Signatures

  • CryptOne packer (1 IoC): Detects CryptOne packer defined in NCC blogpost.
  • Unsigned PE (1 IoC): Checks for missing Authenticode signature.

Files

  • malware.zip (type: .zip; password: @WxuG)
  • OrbitExecutor.zip (type: .zip; password: @WxuG)
  • OrbitExecutor/Orbit.exe (tags: .exe windows:4 windows x86 arch:x86; password: @WxuG)
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744

  • OrbitExecutor/bin/CefSharp.BrowserSubprocess.Core.pdb
  • OrbitExecutor/bin/api (tags: .dll regsvr32 windows:5 windows x86 arch:x86; password: @WxuG)
    MD5: a9fd3e7f71a802c8eee0a502f46de991

  • OrbitExecutor/locales/af.pak
  • OrbitExecutor/locales/am.pak
  • OrbitExecutor/locales/ar.pak
  • OrbitExecutor/locales/bg.pak
  • OrbitExecutor/locales/bn.pak
  • OrbitExecutor/locales/ca.pak
  • OrbitExecutor/locales/cs.pak
  • OrbitExecutor/locales/da.pak
  • OrbitExecutor/locales/de.pak
  • OrbitExecutor/locales/el.pak
  • OrbitExecutor/locales/en-GB.pak
  • OrbitExecutor/locales/en-US.pak
  • OrbitExecutor/locales/es-419.pak
  • OrbitExecutor/locales/es.pak
  • OrbitExecutor/locales/et.pak
  • OrbitExecutor/locales/fa.pak
  • OrbitExecutor/locales/fi.pak
  • OrbitExecutor/locales/fil.pak
  • OrbitExecutor/locales/fr.pak
  • OrbitExecutor/locales/gu.pak
  • OrbitExecutor/locales/he.pak
  • OrbitExecutor/locales/hi.pak
  • OrbitExecutor/locales/hr.pak
  • OrbitExecutor/locales/hu.pak
  • OrbitExecutor/locales/id.pak
  • OrbitExecutor/locales/it.pak
  • OrbitExecutor/locales/ja.pak
  • OrbitExecutor/locales/kn.pak
  • OrbitExecutor/locales/ko.pak
  • OrbitExecutor/locales/lt.pak
  • OrbitExecutor/locales/lv.pak
  • OrbitExecutor/locales/ml.pak
  • OrbitExecutor/locales/mr.pak
  • OrbitExecutor/locales/ms.pak
  • OrbitExecutor/locales/nb.pak
  • OrbitExecutor/locales/nl.pak
  • OrbitExecutor/locales/pl.pak
  • OrbitExecutor/locales/pt-BR.pak
  • OrbitExecutor/locales/pt-PT.pak
  • OrbitExecutor/locales/ro.pak
  • OrbitExecutor/locales/ru.pak
  • OrbitExecutor/locales/sk.pak
  • OrbitExecutor/locales/sl.pak
  • OrbitExecutor/locales/sr.pak
  • OrbitExecutor/locales/sv.pak
  • OrbitExecutor/locales/sw.pak
  • OrbitExecutor/locales/ta.pak
  • OrbitExecutor/locales/te.pak
  • OrbitExecutor/locales/th.pak
  • OrbitExecutor/locales/tr.pak
  • OrbitExecutor/locales/uk.pak
  • OrbitExecutor/locales/ur.pak
  • OrbitExecutor/locales/vi.pak
  • OrbitExecutor/locales/zh-CN.pak
  • OrbitExecutor/locales/zh-TW.pak
  • ReadMe.txt