General
-
Target
Lua Loader.exe
-
Size
1.2MB
-
MD5
34a466e51a80ad778b3e07aab08e934f
-
SHA1
189592eda4e8a4f051e1af4c56c8b2384c5c0e2b
-
SHA256
59bafd4c82ebacac6b134fd031274210f66a12c391d06015484f63a87b54b461
-
SHA512
699b11e1992ca2a1199fef70bdce13153e5868de4a655efd801de1972844b64bd3b947ecb62ff3148fa76c4eabe2ebbd19bc8b461546234d428ed5d8f04caecc
-
SSDEEP
24576:O5WHS04YNEMuExDiU6E5R9s8xY/2l/dRJ5dtsPxNGfySIbt+rO:O5Wd4auS+UjfU2T/5XDZIbt+r
Malware Config
Extracted
orcus
147.185.221.21
f446e131123a4c2c895327a980a93e72
-
administration_rights_required
false
-
anti_debugger
false
-
anti_tcp_analyzer
false
-
antivm
false
-
autostart_method
1
-
change_creation_date
false
-
force_installer_administrator_privileges
false
-
hide_file
false
-
install
false
-
installation_folder
%appdata%\Microsoft\Speech\Lua.exe
-
installservice
false
-
keylogger_enabled
false
-
newcreationdate
08/03/2024 19:46:52
-
plugins
AgUFyfihswTdIPqEArukcmEdSF06Hw9CAFMAbwBEACAAUAByAG8AdABlAGMAdABpAG8AbgAHAzEALgAwAEEgNgAyADIANQBiADEAZABhADMAMAAyAGMANABhAGYAZgBiAGEAMwAyADQAYwBkAGMAYQA2AGIAZABkADAAYQA2AAEFl6aNkQPXkQKOmwKLvFcpr24sKCsVRABpAHMAYQBiAGwAZQAgAFcAZQBiAGMAYQBtACAATABpAGcAaAB0AHMABwMxAC4AMABBIDIAYQA2AGMAMgBjADIANAA3ADUAOAA2ADQAZgA2AGEAOAA2ADUAZgBlADQAOQAzADQANwAyAGIANQA3AGYANgABBcjswb8CldcC3rcCqMa3DYpVf2wVCkcAYQBtAGUAcgAgAFYAaQBlAHcABwMxAC4AMgBBIDkAZgA0AGEAMAA0ADcAYwA5ADUAYwA2ADQAZABjADUAOQAwADgAZgBjAGEAMAA1AGYAMABkADcAYQA5AGMAOAACAAYG
-
reconnect_delay
10000
-
registry_autostart_keyname
Audio HD Driver
-
registry_hidden_autostart
false
-
set_admin_flag
false
-
tasksch_name
Audio HD Driver
-
tasksch_request_highest_privileges
false
-
try_other_autostart_onfail
false
Signatures
-
Orcus family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Lua Loader.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections