General

  • Target

    bb16e46d068bc395bdcb7f3cc338ee03381a102f524316b5935fb5cb4d113031

  • Size

    3.0MB

  • MD5

    5cc99251e0b8789e36ad013b38c75632

  • SHA1

    7aae31f2e5cf63e7e3a0d926f0f3c186565ebdc6

  • SHA256

    bb16e46d068bc395bdcb7f3cc338ee03381a102f524316b5935fb5cb4d113031

  • SHA512

    4be001412f90ce660b6e673e3eaf301cffa53a81b4b548d1b322bec976fd2d3a43b101299824c25cba5cd4d761ee5cf8b8940c23433910be11671a27f524bee4

  • SSDEEP

    49152:3gt1ZeM9/3EgHcyH4Z9fVTB4krLzS+HAypQxbOqUo9JnCmuxI3lGnlFreInnczWL:3gtGjzD5rfLgypSbKo9JCmn3E

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

Babylon

C2

vimeworldserverstat.serveminecraft.net:443

Mutex

a19e8216786644dc8db8ae5307f5d5be

Attributes

  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %appdata%\Microsoft Edge\UpdateService.exe

  • reconnect_delay

    10000

  • registry_keyname

    Microsoft Edge Update Service

  • taskscheduler_taskname

    Microsoft Edge Update Service

  • watchdog_path

    AppData\EdgeUpdate.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • bb16e46d068bc395bdcb7f3cc338ee03381a102f524316b5935fb5cb4d113031
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
