General
Target: 864d1b8fe8c2caa11fabd19025c6af4c.bin
Size: 645KB
Sample: 230606-bxhevabe44
MD5: 6a59b21500e9bae795240f4ade2f710d
SHA1: ec8f8a2fa43e7c91f8717966d850cf6f1da4795a
SHA256: 8e2608e1cdedaf4f3495676b50fdab81cfa9b1018bb29c52b15358e747bce39b
SHA512: 19986a30fc0b3d67165aae456a1d92d773a5850535b00c5a8d2b6537b1a00c7a854790ad1e8550bf56f74aa1b181d30e86b6d37b8027766112aa9b48bf47df9c
SSDEEP: 12288:c7z8/BrBADPwVBrSYu71uP5KpcfkD04WjdcPNEPdUfwoOVMoP5De3yyjmMIileR4:c7Y/B6wVBrSYu7oP5K/D0ndeE1cwoihm
Behavioral task: behavioral1
Sample: 864d1b8fe8c2caa11fabd19025c6af4c.zip
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: 864d1b8fe8c2caa11fabd19025c6af4c.zip
Resource: win10v2004-20230220-en

Behavioral task: behavioral3
Sample: fc35a0e0418cefe500b02b81241fbb0338e7040db20934ed9abf3e6d55f879f4.exe
Resource: win7-20230220-en

Behavioral task: behavioral4
Sample: fc35a0e0418cefe500b02b81241fbb0338e7040db20934ed9abf3e6d55f879f4.exe
Resource: win10v2004-20230220-en
Malware Config
Targets

Target: 864d1b8fe8c2caa11fabd19025c6af4c.bin
Size: 645KB
MD5: 6a59b21500e9bae795240f4ade2f710d
SHA1: ec8f8a2fa43e7c91f8717966d850cf6f1da4795a
SHA256: 8e2608e1cdedaf4f3495676b50fdab81cfa9b1018bb29c52b15358e747bce39b
SHA512: 19986a30fc0b3d67165aae456a1d92d773a5850535b00c5a8d2b6537b1a00c7a854790ad1e8550bf56f74aa1b181d30e86b6d37b8027766112aa9b48bf47df9c
SSDEEP: 12288:c7z8/BrBADPwVBrSYu71uP5KpcfkD04WjdcPNEPdUfwoOVMoP5De3yyjmMIileR4:c7Y/B6wVBrSYu7oP5K/D0ndeE1cwoihm
Score: 1/10

Target: fc35a0e0418cefe500b02b81241fbb0338e7040db20934ed9abf3e6d55f879f4.exe
Size: 6.0MB
MD5: 864d1b8fe8c2caa11fabd19025c6af4c
SHA1: 80ef38b4619508eca929367e505ed86820cc7629
SHA256: fc35a0e0418cefe500b02b81241fbb0338e7040db20934ed9abf3e6d55f879f4
SHA512: a49f606301afc240856aeb306bcbd83e06961b3b65d53477075ad13fe2d046a5fe623f4fb36b576b96e07064bec233a459a687609ce29e31365335902e6a8e99
SSDEEP: 24576:UvcuN7KbNL34MROxnFf3HumarrcI0AilFEvxHPdeFooL:UvcuaWMid4rrcI0AilFEvxHP
Score: 10/10
- Orcurs Rat Executable
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application