General

  • Target

    422953fcaaefca3d179e9f047b0d8a5244b122d1610b5dfabad51f4315fd8e11

  • Size

    3.0MB

  • MD5

    afbb68a2f6e23d46ed84f2df25627610

  • SHA1

    90fd5f4c427421cc92fa13eb8b7aa3a0f5b53e79

  • SHA256

    422953fcaaefca3d179e9f047b0d8a5244b122d1610b5dfabad51f4315fd8e11

  • SHA512

    fefca654a2647a19e378d85455d46ca4cf051c5ba44f6e7643e8ce3b3c55c6f264a3c90cc01cac23301c579b0dd67ebd73ccdbd1798b6ec49ff0e5c5747fbef0

  • SSDEEP

    49152:ZGX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:ZLHTPJg8z1mKnypSbRxo9JCm

Malware Config

Extracted

  • Family

    orcus

  • Botnet

    Новый тег

  • C2

    31.44.184.52:15787

  • Mutex

    sudo_akso4dvrs31yrja25rg05o0oynekdkot

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\uploadsdatalife\svchost.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 422953fcaaefca3d179e9f047b0d8a5244b122d1610b5dfabad51f4315fd8e11
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
