General

  • Target

    2cb762773823aeb9fa80904996155d63a7f2f60f588a1b973715ac7b3ea9d437

  • Size

    3.0MB

  • MD5

    6f69820bc23d0e66339375eb128d53b8

  • SHA1

    76fe60d0f916f70a355b9bb73189162adef3c8fe

  • SHA256

    2cb762773823aeb9fa80904996155d63a7f2f60f588a1b973715ac7b3ea9d437

  • SHA512

    0a132498c9ac850826cb37ff7aaf1fbfe43c49b1230f78c2de820cf4964b6c18215b8bc124ae91fef272c54294a095bb6bed7270477fa2933724a6873dc0d1a9

  • SSDEEP

    49152:RGX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:RLHTPJg8z1mKnypSbRxo9JCm

Score
10/10

Malware Config

Extracted

Family

orcus

Botnet

Monkemodmanager

C2

31.44.184.52:29846

Mutex

sudo_cpktc6baomgolt2t3oa6l3h94z9nzjps

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %appdata%\requesttemp\downloadsapi.exe

  • reconnect_delay

    10000

  • registry_keyname

    Sudik

  • taskscheduler_taskname

    sudik

  • watchdog_path

    AppData\aga.exe
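
The extracted configuration above is directly usable for hunting: the C2 socket, mutex name, install path, autostart names and watchdog path are each observable on an endpoint or at the network edge. The following script is an added example, not part of the sandbox report, that turns those values into checks and runs them over constructed sample telemetry records (the event records are made up for illustration; the `C:\Users\victim` profile path is an assumption used to expand `%appdata%`). Two caveats a hunter should keep in mind: `autostart_method` reads `Disable`, so the `Sudik` run-key value and `sudik` scheduled task are configured names that this build may never actually create, and the `reconnect_delay` of 10000 (most likely milliseconds, i.e. a roughly 10-second reconnect cadence) is a better beaconing hint than either of them.

```python
"""Turn the Orcus config from the report into host/network hunting checks.

Added example. The ORCUS_CONFIG values are copied from the report's
"Malware Config" section; SAMPLE_EVENTS is constructed telemetry, not data
from the sandbox run. user_profile is an assumed path used to expand
%appdata%; on a real host, run the checks once per user profile.
"""
import ipaddress
import ntpath
import re

# Values copied from the "Malware Config" section of the report.
ORCUS_CONFIG = {
    "c2": "31.44.184.52:29846",
    "mutex": "sudo_cpktc6baomgolt2t3oa6l3h94z9nzjps",
    "install_path": r"%appdata%\requesttemp\downloadsapi.exe",
    "registry_keyname": "Sudik",
    "taskscheduler_taskname": "sudik",
    "watchdog_path": r"AppData\aga.exe",
    "autostart_method": "Disable",  # run key / task may never be created
}

# Per-user Run key; the hive prefix (HKCU, HKU\<sid>) is ignored on purpose.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run$", re.IGNORECASE)


def expand_appdata(path, user_profile=r"C:\Users\victim"):
    """Expand the %appdata% token as the implant would on the host."""
    roaming = ntpath.join(user_profile, r"AppData\Roaming")
    # Lambda replacement avoids backslash-escape processing in re.sub.
    return re.sub(r"%appdata%", lambda m: roaming, path, flags=re.IGNORECASE)


def build_indicators(cfg, user_profile=r"C:\Users\victim"):
    """Normalise the config into lower-cased, comparable indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_ip": ipaddress.ip_address(host),  # this sample's C2 is an IP literal
        "c2_port": int(port),
        "mutex": cfg["mutex"].lower(),
        "install_path": expand_appdata(cfg["install_path"], user_profile).lower(),
        "watchdog_suffix": cfg["watchdog_path"].lower(),
        "run_value_name": cfg["registry_keyname"].lower(),
        "task_name": cfg["taskscheduler_taskname"].lower(),
    }


def match_event(ev, ioc):
    """Return the indicator names a single telemetry record matches."""
    hits = []
    kind = ev.get("type")
    if kind == "network":
        # Both IP and port must match; the host on another port is not a hit.
        if (ipaddress.ip_address(ev["dst_ip"]) == ioc["c2_ip"]
                and int(ev["dst_port"]) == ioc["c2_port"]):
            hits.append("c2")
    elif kind == "mutex":
        if ev["name"].lower() == ioc["mutex"]:
            hits.append("mutex")
    elif kind == "process":
        image = ntpath.normpath(ev["image"]).lower()
        if image == ioc["install_path"]:
            hits.append("install_path")
        # watchdog_path is relative in the config, so match on the suffix.
        if image.endswith("\\" + ioc["watchdog_suffix"]):
            hits.append("watchdog_path")
    elif kind == "registry":
        if (RUN_KEY_RE.search(ev["key"])
                and ev["value_name"].lower() == ioc["run_value_name"]):
            hits.append("run_key")
    elif kind == "schtask":
        if ev["task_name"].lower().lstrip("\\") == ioc["task_name"]:
            hits.append("scheduled_task")
    return hits


# Constructed sample telemetry (not from the sandbox run).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\victim\AppData\Roaming\requesttemp\DownloadsApi.exe"},
    {"type": "process", "image": r"C:\Users\victim\AppData\aga.exe"},
    {"type": "mutex", "name": "sudo_cpktc6baomgolt2t3oa6l3h94z9nzjps"},
    {"type": "network", "dst_ip": "31.44.184.52", "dst_port": 29846},
    {"type": "network", "dst_ip": "31.44.184.52", "dst_port": 443},  # no hit
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Sudik"},
    {"type": "schtask", "task_name": r"\sudik"},
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe"},  # no hit
]


def hunt(events, cfg=ORCUS_CONFIG, user_profile=r"C:\Users\victim"):
    """Return (event index, matched indicators) for every matching record."""
    ioc = build_indicators(cfg, user_profile)
    return [(i, hits) for i, ev in enumerate(events) if (hits := match_event(ev, ioc))]


if __name__ == "__main__":
    for idx, hits in hunt(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["type"], hits)
```

Path comparisons are case-folded and normalised because Windows paths are case-insensitive and the sandbox lower-cases the configured install path; the C2 check requires the exact IP and port so a different service on the same host does not fire. The scheduled-task check strips the leading backslash that Task Scheduler prepends to root-folder task names.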

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 2cb762773823aeb9fa80904996155d63a7f2f60f588a1b973715ac7b3ea9d437
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
