General
Target: e58c968911b7cb21b817e96a3d8bbc53972c6bf08d5d688314aa0abf8ce1dcff
Size: 2.9MB
Sample: 240213-cnqkjahd3y
MD5: a66b5e87f6841b747c1dcaab076998ff
SHA1: 8e6cbfb9eb6c9be259c5ecf5d33b5fa991fbf06c
SHA256: e58c968911b7cb21b817e96a3d8bbc53972c6bf08d5d688314aa0abf8ce1dcff
SHA512: c6eb8beeefaefb05bcf53dd2363a8368d9a405687db755641d5ca30048c2e721b532764e11e1ef7f2e2fb194ba5c274f00ae2c773b58297463b7289fe0aa7edc
SSDEEP: 49152:H02N8QFUwqYZeM9/ZzzBjMkPUayX82+YXAypQxb9ndo9JnCm+WncFf0I74gu3SM:Hd0wGGzBjryX82uypSb9ndo9JCm
Behavioral task: behavioral1
Sample: e58c968911b7cb21b817e96a3d8bbc53972c6bf08d5d688314aa0abf8ce1dcff.exe
Resource: win7-20231215-en
Malware Config
Extracted: orcus
192.168.1.111:10134
24b16d1a9eb04e898b76f459161f7a15
autostart_method: Disable
enable_keylogger: true
install_path: %programfiles%\Orcus\Orcus.exe
reconnect_delay: 10000
registry_keyname: Orcus
taskscheduler_taskname: Orcus
watchdog_path: AppData\OrcusWatchdog.exe
Targets
Target: e58c968911b7cb21b817e96a3d8bbc53972c6bf08d5d688314aa0abf8ce1dcff
Orcus RAT Executable
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Executes dropped EXE