Overview

overview

10

Static

static

10

2f320b3ef9...ef.exe

windows7-x64

10

2f320b3ef9...ef.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f320b3ef91258433bf232bd26f5dcb9c6f70394d60680f65744a990d431c7ef

  • Size

    3.0MB

  • MD5

    b3a7960d97578ab1eb2ae60ed0c3df2e

  • SHA1

    8df3e142f4e83bfed04bc8059106f0ffa3bcd6ed

  • SHA256

    2f320b3ef91258433bf232bd26f5dcb9c6f70394d60680f65744a990d431c7ef

  • SHA512

    d429ad5165126a795d5f939198c23f048b69bda802bdb707100c49b637cd52d992027bc05186ecf269201f5a14c6d95721c0bb04f4fe2d47268e6bc749762f47

  • SSDEEP

    49152:O3X27p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpEu/nRFfjI7L0qb:OWHTPJg8z1mKnypSbRxo9JCm

Score
10/10
новый тегorcus

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:10903

Mutex

sudo_o3qjvpplzk2x15estch86hef4j7hfbki

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\dataliferequestprocessor\generatortrack.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2f320b3ef91258433bf232bd26f5dcb9c6f70394d60680f65744a990d431c7ef
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections