Resubmissions

03-10-2024 21:19

241003-z6m9fsxcjn 10

03-10-2024 21:14

241003-z3g82azhmb 10

03-10-2024 21:10

241003-z1h3jszglg 10

03-10-2024 21:03

241003-zv1emszeje 10

General

  • Target

    snos.exe

  • Size

    916KB

  • MD5

    defc2abbed64bb0a53c7b9fa04d9d114

  • SHA1

    926cbb5e1d9ea1249aa034afa5d0e510322b5ee6

  • SHA256

    4a5b24522b79e54b2c901946eb492dac5bf83631681a2d99b1f6b303268e0580

  • SHA512

    00084691a0ae0c52aac630a1fca9bca0fb245ad4597c99b12016119ce289500002c6b23e47bfcd2bc220c26068615c972b8e5551b0b3dd721fd06c6387e0d842

  • SSDEEP

    24576:NVWC4MROxnFD3krXYf1rrcI0AilFEvxHPdmoo6:NqMiJtrrcI0AilFEvxHP

Score
10/10

Malware Config

Extracted

Family

orcus

C2

45.200.148.205:10134

Mutex

2857e61aa1024db89df5be17078af5ab

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\sistemwinhost\winhost1235.exe

  • reconnect_delay

    10000

  • registry_keyname

    registry

  • taskscheduler_taskname

    registre

  • watchdog_path

    AppData\Servicemanagaer.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • snos.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections