Overview

overview

10

Static

static

10

12e8f5d8b7...76.exe

windows7-x64

10

12e8f5d8b7...76.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    12e8f5d8b73a578e57a87074a1f8444a52cf8ff6dbedb13ce4549aab02655a76

  • Size

    3.0MB

  • Sample

    241103-bessvs1aqm

  • MD5

    09e4d093f8352ae34ac8f6c67c1c4cf5

  • SHA1

    2658b72bf4ea7ee30c632731fc08441042b1d941

  • SHA256

    12e8f5d8b73a578e57a87074a1f8444a52cf8ff6dbedb13ce4549aab02655a76

  • SHA512

    deb8d26e782a70c16026b09547de20c5c31bd9a7dec49b8a3f0a995984fc79fb33de5e508330922c243c624fe1f562375c8291f56391f07f6860bcc32cd956b8

  • SSDEEP

    49152:Y1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:YUHTPJg8z1mKnypSbRxo9JCm

Score
10/10
orcusновый тегdiscoveryratspywarestealer

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:21841

Mutex

sudo_s8wlrdsbeuebt5jgidu6aws01wnjwwb4

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\centralpacket\bigloadline.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Targets

    • Target

      12e8f5d8b73a578e57a87074a1f8444a52cf8ff6dbedb13ce4549aab02655a76

    • Size

      3.0MB

    • MD5

      09e4d093f8352ae34ac8f6c67c1c4cf5

    • SHA1

      2658b72bf4ea7ee30c632731fc08441042b1d941

    • SHA256

      12e8f5d8b73a578e57a87074a1f8444a52cf8ff6dbedb13ce4549aab02655a76

    • SHA512

      deb8d26e782a70c16026b09547de20c5c31bd9a7dec49b8a3f0a995984fc79fb33de5e508330922c243c624fe1f562375c8291f56391f07f6860bcc32cd956b8

    • SSDEEP

      49152:Y1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:YUHTPJg8z1mKnypSbRxo9JCm

    Score
    10/10
    orcusновый тегdiscoveryratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcus family

      orcus

    • Orcus main payload

    • Orcurs Rat Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.