General
-
Target
793b7d5016b30ce138e55ffd2b513ccb19c8201c50c496c376df42603d12f700
-
Size
5.0MB
-
Sample
240212-bda7esea5z
-
MD5
3e04fd7395a78346599158a287111839
-
SHA1
f54df6a85e09c59b55232918a096d64613caf050
-
SHA256
793b7d5016b30ce138e55ffd2b513ccb19c8201c50c496c376df42603d12f700
-
SHA512
f5c3fa6d88932778da994653ee1f2d1bc57f3dfb9dfd9ca8205cae1507015c02e0205ca200c7c4a30c5e2c1b2fb108e096022e028218290495f16508afafd35a
-
SSDEEP
24576:EUA4MROxnFE3cdc1RGrZlI0AilFEvxHir3:EUjMiu/bGrZlI0AilFEvxHi
Behavioral task
behavioral1
Sample
793b7d5016b30ce138e55ffd2b513ccb19c8201c50c496c376df42603d12f700.exe
Resource
win7-20231215-en
Malware Config
Extracted
orcus
192.168.0.200:10134
afa5401f54984aaa863b79961927d3dd
-
autostart_method
TaskScheduler
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
GitHub
-
watchdog_path
Temp\nurik.exe
Targets
-
-
Target
793b7d5016b30ce138e55ffd2b513ccb19c8201c50c496c376df42603d12f700
-
Size
5.0MB
-
MD5
3e04fd7395a78346599158a287111839
-
SHA1
f54df6a85e09c59b55232918a096d64613caf050
-
SHA256
793b7d5016b30ce138e55ffd2b513ccb19c8201c50c496c376df42603d12f700
-
SHA512
f5c3fa6d88932778da994653ee1f2d1bc57f3dfb9dfd9ca8205cae1507015c02e0205ca200c7c4a30c5e2c1b2fb108e096022e028218290495f16508afafd35a
-
SSDEEP
24576:EUA4MROxnFE3cdc1RGrZlI0AilFEvxHir3:EUjMiu/bGrZlI0AilFEvxHi
-
Orcus main payload
-
Orcurs Rat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-