General
- Target: SpooferBeta.rar
- Size: 578KB
- Sample: 230327-hzrjvsec4v
- MD5: b081c9a709d2ec92964c6c30dbc620ab
- SHA1: ac5cbe059fefb09d63863b9d7b6da609a9db6449
- SHA256: 82f9c67cd58d44f75132c933b260fffa0810190781dfe9ad1e5bd2cc6d769b2a
- SHA512: 769e2f5292b0c71b9c9b3309f1407cb42bc8cdb918da19ec7b252451753c60b1cc7dda445b9806c80de74c335778ee6668790d274a8786091387c16a8591509b
- SSDEEP: 12288:R/ZXr081ZqJeQHahLdECnp2md3rKD1xALrsLI4k0VgNOWTlk6odJ0wI7:A87qY0GLvp2w7jLrMVGOWTlk6of0wG
Behavioral task: behavioral1
- Sample: SpooferBeta.exe
- Resource: win7-20230220-en
Malware Config
Extracted
orcus
penis
37.19.221.138:59263
daaa2270cd59478cbf4b5ad981404ee1
- autostart_method: TaskScheduler
- enable_keylogger: true
- install_path: %programfiles%\Spoof\Spoofer.exe
- reconnect_delay: 10000
- registry_keyname: Orcus
- taskscheduler_taskname: Spoofer
- watchdog_path: AppData\SpoofWatchdog.exe
Targets
- Target: SpooferBeta.exe
- Size: 919KB
- MD5: 114b320ed25589f4170e3bf68eb26404
- SHA1: f6bd7034b40aca6c4666a45fa0acef9869badab1
- SHA256: 72cfe058d2067b02d9f93fe478840298e00148c6783e1ba105dc778c50543138
- SHA512: ac66c5b2b54e06b75cfcb407e8b2884be1b2820b97ce5dd4531c0a5e2759f24cd0a85966d4a8a978487c1957974189bbf93a00465ff8051b4a65bac2fff522eb
- SSDEEP: 24576:LKa4MROxnFH3uRM47rrcI0AilFEvxHPXoot:LOMihul7rrcI0AilFEvxHP

Signatures
- Orcus main payload
- Orcurs Rat Executable
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory