General

  • Target

    74aa8c6060f703ee770fd9b036fab75f82a3f593df9a639f6b70c4518b2be533

  • Size

    5.8MB

  • Sample

    240209-bpwbqsdf9t

  • MD5

    ca2d37d4efa6d8d7582ec78304a1fb9f

  • SHA1

    0814dbb8dc429b9f87b3579d342d09d9e6cf96e4

  • SHA256

    74aa8c6060f703ee770fd9b036fab75f82a3f593df9a639f6b70c4518b2be533

  • SHA512

    3b77912616b8fe3afddd05eb3fc883e0dbf277d48dd05b8dcda41e2b8c34a198df1d0abbb33a0f955e2b714be4f87e9cc7e04ca5eba5f3ee77f2402c4c68e31c

  • SSDEEP

    98304:+QzEBloGS3IkRgGCjbruXLHR9vKUHTPJg8z1mKnypSbRxo9JCm:tQpS3Ik6GCjbgLHRsUzhg01dypSSJC

Malware Config

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus main payload

    • Orcus RAT Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks