General

  • Target

    ec2bd119fcee7ea76f59daf6ce0ee736_JaffaCakes118

  • Size

    4.0MB

  • Sample

    240410-2x23csdf44

  • MD5

    ec2bd119fcee7ea76f59daf6ce0ee736

  • SHA1

    f5a9a955b62e3e5c7bbf7446c57bb5e7edadfba8

  • SHA256

    3e65f49adee42b958ebcd10a30bd1ade1f3a213cb3d1616dec6a8acc0c2836a5

  • SHA512

    7f7ed97555c85fd99ec5f4e8e27306f351d5d36931d690ed9781c47a1da3916f22895b895da5c21034112f81b8e76b35dda1bdc9a15ebb96c6fde817de6d0b75

  • SSDEEP

    98304:uviz/27qWGq/TzuqCDl2Ptao7jiczWP/X5s85m5Nl:uviq75/TzuflVZTGNl
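
Before acting on this report, confirm that the file in hand is the artifact the hashes above describe. The script below is an added example, not part of the original report or of any sandbox tooling: it parses the hash bullets from a constructed copy of the General block, computes the same digests over a candidate file, and refuses a partial match (one digest agrees, another does not), which signals a mislabeled or tampered file rather than a genuine match. The SSDEEP value is deliberately not compared, since fuzzy-hash comparison needs the external ssdeep library and a similarity threshold rather than equality.

```python
import hashlib
import re
import sys

# Constructed excerpt of the report's "General" block, copied from the page
# (plain-text bullets: a label line, then the value on the next non-empty line).
REPORT_TEXT = """
  • Target

    ec2bd119fcee7ea76f59daf6ce0ee736_JaffaCakes118

  • MD5

    ec2bd119fcee7ea76f59daf6ce0ee736

  • SHA1

    f5a9a955b62e3e5c7bbf7446c57bb5e7edadfba8

  • SHA256

    3e65f49adee42b958ebcd10a30bd1ade1f3a213cb3d1616dec6a8acc0c2836a5

  • SHA512

    7f7ed97555c85fd99ec5f4e8e27306f351d5d36931d690ed9781c47a1da3916f22895b895da5c21034112f81b8e76b35dda1bdc9a15ebb96c6fde817de6d0b75

  • SSDEEP

    98304:uviz/27qWGq/TzuqCDl2Ptao7jiczWP/X5s85m5Nl:uviq75/TzuflVZTGNl
"""

# Expected hex-digest lengths; SSDEEP is intentionally absent (fuzzy hash, not compared here).
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report_hashes(text):
    """Return {algorithm: hexdigest} for the hash bullets in a report block.

    Each value is validated by length and hex charset, so a truncated or
    mis-pasted digest raises instead of being silently used as an IOC.
    """
    hashes = {}
    label = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            label = line.lstrip("• ").lower()
            continue
        if label in HASH_LENGTHS:
            if len(line) == HASH_LENGTHS[label] and re.fullmatch(r"[0-9a-f]+", line):
                hashes[label] = line
            else:
                raise ValueError(f"malformed {label} value in report: {line!r}")
            label = None  # value consumed; ignore stray lines until the next bullet
    return hashes


def hash_bytes(data):
    """Compute every digest the report carries over the candidate file contents."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_LENGTHS}


def verify_sample(data, report_hashes):
    """Compare the report's digests with the candidate file.

    Returns (verdict, mismatches). All digests in the report were taken from
    one artifact, so "partial-mismatch" (some agree, some do not) means the
    file or the report is wrong and must not be treated as a match.
    """
    computed = hash_bytes(data)
    mismatches = {
        alg: (report_hashes[alg], computed[alg])
        for alg in report_hashes
        if computed[alg] != report_hashes[alg]
    }
    if not mismatches:
        return "match", mismatches
    if len(mismatches) < len(report_hashes):
        return "partial-mismatch", mismatches
    return "mismatch", mismatches


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    with open(sys.argv[1], "rb") as fh:
        verdict, details = verify_sample(fh.read(), parse_report_hashes(REPORT_TEXT))
    print(verdict)
    for alg, (expected, got) in details.items():
        print(f"  {alg}: report={expected} file={got}")
```

Run it against the downloaded sample; anything other than `match` means the file is not the one this report analysed, and the listed behaviours should not be attributed to it.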

Malware Config

Targets

    • Target

      ec2bd119fcee7ea76f59daf6ce0ee736_JaffaCakes118

    • Size

      4.0MB

    • MD5

      ec2bd119fcee7ea76f59daf6ce0ee736

    • SHA1

      f5a9a955b62e3e5c7bbf7446c57bb5e7edadfba8

    • SHA256

      3e65f49adee42b958ebcd10a30bd1ade1f3a213cb3d1616dec6a8acc0c2836a5

    • SHA512

      7f7ed97555c85fd99ec5f4e8e27306f351d5d36931d690ed9781c47a1da3916f22895b895da5c21034112f81b8e76b35dda1bdc9a15ebb96c6fde817de6d0b75

    • SSDEEP

      98304:uviz/27qWGq/TzuqCDl2Ptao7jiczWP/X5s85m5Nl:uviq75/TzuflVZTGNl

    • Orcus

      Orcus is a Remote Access Trojan (RAT) sold on underground forums.

    • Orcus main payload

    • Orcus RAT executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks