Resubmissions

13/01/2025, 05:59 UTC

250113-gps49s1qgk 10

12/01/2025, 23:44 UTC

250112-3rfslsxphr 10

General

  • Target

    5b8ec7a0faf0a5c275af5bb510aaecd93bc3358b4626f3eb5a13d891da34d8d3.exe

  • Size

    915KB

  • MD5

    ec7d1fc892a9e267847bfb476f07b25a

  • SHA1

    3ef8f87e97e0cc38d82682837265036f10d5aa0b

  • SHA256

    5b8ec7a0faf0a5c275af5bb510aaecd93bc3358b4626f3eb5a13d891da34d8d3

  • SHA512

    5b7956b718d154896b89640ce659fee0c52a6963845e23350e38aa142674083b7d3be9657d5a30a5a7ac483bf8be46a29f7890afc9d8b5438d147c7c4f7c96f0

  • SSDEEP

    24576:IXqP4MROxnFD3h74S4xrZlI0AilFEvxHiNpx9:IXjMiJ2rZlI0AilFEvxHiNl

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

winzip

C2

z3roxl33t.hopto.org:7415

Mutex

676113f043a94b71a3b9dfa0e0dd63be

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\winzip data\winzip.exe

  • reconnect_delay

    10000

  • registry_keyname

    winzip service

  • taskscheduler_taskname

    winzip services

  • watchdog_path

    Temp\winzip.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 5b8ec7a0faf0a5c275af5bb510aaecd93bc3358b4626f3eb5a13d891da34d8d3.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.