General

Target: c3301cb32b0dd03311590edc1472e64926b1a9bdc684928184892310c717ecec
Size: 2.8MB
Sample: 220919-mkhqmaggek
MD5: 38b806deb9a6bf562e66dc00926bc60c
SHA1: 142b40d61cd8789c47ea3d38580368ac18b23782
SHA256: c3301cb32b0dd03311590edc1472e64926b1a9bdc684928184892310c717ecec
SHA512: 2ea20b7340f273a702833bdb70af9844f8e1b01946fb064717b530f8967b0776cec106077fd239cfeccf4d1919442ad9db5212d305ef4400524a91b91283b852
SSDEEP: 49152:FrNCxxbLFfslHQMAd2TcIm/7iEW33iInMVt2SzNv6BkMgQu7HqUYGOXwn:xNCxxbelH/4gcICdW3yInMThtrd7YXwn

Static task: static1
Behavioral task: behavioral1
Sample: c3301cb32b0dd03311590edc1472e64926b1a9bdc684928184892310c717ecec.exe
Resource: win7-20220812-en
Malware Config: none listed in this report
Targets

Target: c3301cb32b0dd03311590edc1472e64926b1a9bdc684928184892310c717ecec (the same file as under General; its MD5, SHA1, SHA256, SHA512 and SSDEEP are identical and are not repeated here)
Size: 2.8MB

Signatures triggered for this target:
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  VirtualBox publishes its ACPI tables under HKLM\HARDWARE\ACPI\DSDT, FADT and RSDT with the OEM ID VBOX__; the presence of those subkeys is a reliable indicator that the code is running in a VirtualBox guest.
- Orcurs Rat Executable
  Family detection from the sandbox's signature rule (spelling as reported by the rule; the family is usually written Orcus RAT).
- Checks BIOS information in registry
  BIOS strings such as SystemBiosVersion and VideoBiosVersion under HKLM\HARDWARE\DESCRIPTION\System are often read to detect sandbox or virtual machine environments, since hypervisors leave vendor markers (for example VBOX or VMware) in them.
- Identifies Wine through registry keys
  Wine is a compatibility layer that runs Windows applications on other operating systems and is sometimes used as a sandboxing environment; it creates a Software\Wine key under HKCU that a native Windows installation does not have.
- Drops desktop.ini file(s)
  On its own this is weak evidence, since Explorer writes desktop.ini for folder customisation; it matters mainly in combination with the anti-analysis behaviour above.
- Suspicious use of NtSetInformationThreadHideFromDebugger
  The sample calls NtSetInformationThread with the ThreadHideFromDebugger information class (0x11). A thread marked this way stops delivering debug events, so an attached debugger loses visibility of it. NtQueryInformationThread with the same class reports whether the flag is set, and anti-anti-debug plugins such as ScyllaHide neutralise the technique by hooking NtSetInformationThread.
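The three registry-based checks listed above (BIOS strings, VirtualBox ACPI tables, the Wine key) can be reproduced by an analyst to audit how visible a sandbox guest is to a sample like this one. The script below is an added example written for this page, not code from the sandbox or from the sample: the registry paths and marker strings are the well-known ones these checks read, the SAMPLE_VBOX_GUEST snapshot is constructed, and the function names are the editor's own. On Windows it reads the live registry; elsewhere it evaluates the constructed snapshot.

```python
"""Audit a Windows host for the registry indicators that anti-sandbox checks
(BIOS strings, VirtualBox ACPI tables, Wine keys) look for.

Example code added by the editor, not part of the sandbox report or the
sample. collect_registry_values() only works on Windows; evaluate_indicators()
runs anywhere on a snapshot dict of the same shape."""
import sys

# Values that BIOS-information checks read (REG_MULTI_SZ / REG_SZ under HKLM).
BIOS_VALUES = {
    r"HKLM\HARDWARE\DESCRIPTION\System": ["SystemBiosVersion", "VideoBiosVersion", "SystemBiosDate"],
}
# Substrings commonly used to flag a hypervisor in those BIOS strings.
HYPERVISOR_MARKERS = ("VBOX", "VMWARE", "QEMU", "BOCHS", "XEN", "VIRTUAL", "PARALLELS")
# VirtualBox publishes its OEM ID "VBOX__" as a subkey of each ACPI table.
VBOX_ACPI_KEYS = [
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__",
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__",
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__",
]
# Wine creates this key; a native Windows installation does not have it.
WINE_KEYS = [r"HKCU\Software\Wine"]


def evaluate_indicators(snapshot):
    """snapshot maps a key path to a dict of value-name -> string or list of
    strings (key exists) or to None (key does not exist). Returns a list of
    (signature name, evidence) tuples using the sandbox report's wording."""
    hits = []
    for key, names in BIOS_VALUES.items():
        values = snapshot.get(key) or {}
        for name in names:
            data = values.get(name)
            if data is None:
                continue
            strings = data if isinstance(data, (list, tuple)) else [data]
            for s in strings:
                for marker in HYPERVISOR_MARKERS:
                    if marker in s.upper():
                        hits.append(("Checks BIOS information in registry",
                                     f"{key}\\{name} contains {marker!r} ({s!r})"))
    for key in VBOX_ACPI_KEYS:
        if snapshot.get(key) is not None:
            hits.append(("Identifies VirtualBox via ACPI registry values", key))
    for key in WINE_KEYS:
        if snapshot.get(key) is not None:
            hits.append(("Identifies Wine through registry keys", key))
    return hits


def collect_registry_values():
    """Build the snapshot from the live registry (Windows only)."""
    import winreg  # ImportError on non-Windows hosts
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}

    def open_key(path):
        root, sub = path.split("\\", 1)
        try:
            return winreg.OpenKey(roots[root], sub)
        except OSError:
            return None

    snapshot = {}
    for key, names in BIOS_VALUES.items():
        handle = open_key(key)
        if handle is None:
            snapshot[key] = None
            continue
        vals = {}
        for name in names:
            try:
                vals[name] = winreg.QueryValueEx(handle, name)[0]
            except OSError:
                pass  # value absent on this host
        snapshot[key] = vals
    for key in VBOX_ACPI_KEYS + WINE_KEYS:
        snapshot[key] = {} if open_key(key) is not None else None
    return snapshot


# Constructed snapshot resembling a stock VirtualBox guest, for offline runs.
SAMPLE_VBOX_GUEST = {
    r"HKLM\HARDWARE\DESCRIPTION\System": {
        "SystemBiosVersion": ["VBOX   - 1"],
        "VideoBiosVersion": ["Oracle VM VirtualBox Version 6.1.36 VBE Adapter"],
        "SystemBiosDate": "12/01/06",
    },
    r"HKLM\HARDWARE\ACPI\DSDT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\FADT\VBOX__": {},
    r"HKLM\HARDWARE\ACPI\RSDT\VBOX__": {},
    r"HKCU\Software\Wine": None,
}

if __name__ == "__main__":
    snap = collect_registry_values() if sys.platform == "win32" else SAMPLE_VBOX_GUEST
    for signature, evidence in evaluate_indicators(snap):
        print(f"{signature}: {evidence}")
```

Run on a sandbox guest, every line printed is an indicator a sample of this kind can use to bail out before detonating; the usual mitigation is to patch the BIOS strings and rename or delete the ACPI and Wine keys in the guest image, then rerun the script until it prints nothing.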