General
-
Target
AAservices.exe
-
Size
5.2MB
-
Sample
250329-af74havtb1
-
MD5
b6d4cf90524ad23f23b424d2fc026301
-
SHA1
4350535f3206ea439d2d320b06eaa0ab9141406e
-
SHA256
519bcced29022f139097cc2c56c9e3489329bb63017f202dd15b5234c2d76d0f
-
SHA512
6ccfd3376c47d1dc0615ce54adef257b69398b61c8cd9ec89044150d0c027eb6ee54e8955a34b953b849f935265f846583e30ca414e493f397cbb94446540910
-
SSDEEP
98304:5v6FYeZ3vFpkRmGWoTxi0wGGzBjryX82uypSb9ndo9JCmVq2q:QFYeZ3vFpkRRdwB3ys2uypSZ4JCEq2q
Malware Config
Targets
-
-
Target
AAservices.exe
-
Size
5.2MB
-
MD5
b6d4cf90524ad23f23b424d2fc026301
-
SHA1
4350535f3206ea439d2d320b06eaa0ab9141406e
-
SHA256
519bcced29022f139097cc2c56c9e3489329bb63017f202dd15b5234c2d76d0f
-
SHA512
6ccfd3376c47d1dc0615ce54adef257b69398b61c8cd9ec89044150d0c027eb6ee54e8955a34b953b849f935265f846583e30ca414e493f397cbb94446540910
-
SSDEEP
98304:5v6FYeZ3vFpkRmGWoTxi0wGGzBjryX82uypSb9ndo9JCmVq2q:QFYeZ3vFpkRRdwB3ys2uypSZ4JCEq2q
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcus family
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Stormkitty family
-
Orcurs Rat Executable
-
Downloads MZ/PE file
-
Stops running service(s)
-