General
Target: f118ffc20242135275dfbf8832e41f986cfce096055693b8a5b06afaa9f8ca5a
Size: 3.0MB
Sample: 240209-bp17zsdf9w
MD5: 23f4e9c9b708ba86f0b4746fcefd7caf
SHA1: b233e4c368018bf50941b785190abd88129fc8ca
SHA256: f118ffc20242135275dfbf8832e41f986cfce096055693b8a5b06afaa9f8ca5a
SHA512: fcec609cb9375b40bcae6f2a529c7bf2d0e0ad91674984addb6180d388216c80d3e6373d9949c16f5937bb9ba76993f29ec08e4079260a46015e99b62759a329
SSDEEP: 49152:Y1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:YUHTPJg8z1mKnypSbRxo9JCm
Behavioral task: behavioral1
Sample: f118ffc20242135275dfbf8832e41f986cfce096055693b8a5b06afaa9f8ca5a.exe
Resource: win7-20231215-en
Malware Config
Extracted: orcus
Новый тег
31.44.184.52:58576
sudo_1v7mey0zzj7ysiavya22l201c5apuze4
autostart_method: Disable
enable_keylogger: false
install_path: %appdata%\linuxflowergeo\uploadstrack.exe
reconnect_delay: 10000
registry_keyname: Sudik
taskscheduler_taskname: sudik
watchdog_path: AppData\aga.exe
Targets
Target: f118ffc20242135275dfbf8832e41f986cfce096055693b8a5b06afaa9f8ca5a
Size: 3.0MB
MD5: 23f4e9c9b708ba86f0b4746fcefd7caf
SHA1: b233e4c368018bf50941b785190abd88129fc8ca
SHA256: f118ffc20242135275dfbf8832e41f986cfce096055693b8a5b06afaa9f8ca5a
SHA512: fcec609cb9375b40bcae6f2a529c7bf2d0e0ad91674984addb6180d388216c80d3e6373d9949c16f5937bb9ba76993f29ec08e4079260a46015e99b62759a329
SSDEEP: 49152:Y1HS7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpbu/nRFfjI7L0qb:YUHTPJg8z1mKnypSbRxo9JCm
- Orcus main payload
- Orcus Rat Executable
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext