General
-
Target
74aa8c6060f703ee770fd9b036fab75f82a3f593df9a639f6b70c4518b2be533
-
Size
5.8MB
-
Sample
240209-bpwbqsdf9t
-
MD5
ca2d37d4efa6d8d7582ec78304a1fb9f
-
SHA1
0814dbb8dc429b9f87b3579d342d09d9e6cf96e4
-
SHA256
74aa8c6060f703ee770fd9b036fab75f82a3f593df9a639f6b70c4518b2be533
-
SHA512
3b77912616b8fe3afddd05eb3fc883e0dbf277d48dd05b8dcda41e2b8c34a198df1d0abbb33a0f955e2b714be4f87e9cc7e04ca5eba5f3ee77f2402c4c68e31c
-
SSDEEP
98304:+QzEBloGS3IkRgGCjbruXLHR9vKUHTPJg8z1mKnypSbRxo9JCm:tQpS3Ik6GCjbgLHRsUzhg01dypSSJC
Behavioral task
behavioral1
Sample
74aa8c6060f703ee770fd9b036fab75f82a3f593df9a639f6b70c4518b2be533.exe
Resource
win7-20231215-en
Malware Config
Targets
Orcus main payload
-
Orcus RAT Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-