Overview

overview

10

Static

static

10

Nursultan.exe

windows7-x64

10

Nursultan.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Nursultan.exe

  • Size

    3.4MB

  • MD5

    0f9f82607781767d36bb032b09260847

  • SHA1

    92996f91d7ed53466dd3edc6c543d5b1b9e8c1cf

  • SHA256

    90fb58399388db6e22f44e41a7c2d25e61f7ae9565b8a1b775e10a3dee0fb7ea

  • SHA512

    033bd502642c0f0fb89e8399aee7ca5027cb5a19530ca9f88b9594e7404faec78b7a3eaeced5cf2ff4fa5ae5c74da148cbbacabc657f9b6f70bfe073e63e6123

  • SSDEEP

    49152:5GX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qbq:5LHTPJg8z1mKnypSbRxo9JCmD

Score
10/10
nursultanorcus

Malware Config

Extracted

Family

orcus

Botnet

Nursultan

C2

31.44.184.52:54370

Mutex

sudo_jdu3yd4dgo4y8e1pp6azrvrqmxk9e5mb

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\linecdnimage\secureuploads.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Nursultan.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections