Overview

overview

10

Static

static

10

22b3ae08b6...86.exe

windows7-x64

10

22b3ae08b6...86.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    22b3ae08b6c95e534fc9b50db814578f8c10e35eb7f6b20981c26c94fd46ff86

  • Size

    3.0MB

  • MD5

    46bf501110b6d9833998f55f9f1fe133

  • SHA1

    57aff0efc8f0271423e7e18105b9f6ee64f474f3

  • SHA256

    22b3ae08b6c95e534fc9b50db814578f8c10e35eb7f6b20981c26c94fd46ff86

  • SHA512

    3f79d213774a07f3cc5a8de5f2d7f874b68da312fee787186f31aa401cf979a755ec20ad094af9ee5e738a8d8b8d6cd7c98bd2b447197ac283a398f5324e252d

  • SSDEEP

    49152:Cs7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpau/nRFfjI7L0qbO:CsHTPJg8z1mKnypSbRxo9JCm

Score
10/10
новый тегorcus

Malware Config

Extracted

Family

orcus

Botnet

Новый тег

C2

31.44.184.52:53590

Mutex

sudo_tew5o0qgm5zk0uh6hmogc19xixt7kypy

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\linelocal\gamelow.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 22b3ae08b6c95e534fc9b50db814578f8c10e35eb7f6b20981c26c94fd46ff86
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections