General
-
Target
6f3954aad101b238afcfe6f77386eda5baf60b732c0bc0cd7c887138731725ed
-
Size
914KB
-
Sample
240413-bwnkgahg92
-
MD5
f10eafb748a1fdf85bf02969f63aaaa7
-
SHA1
beba8c2489f04ce70d987ebe1ea06d927f2969c0
-
SHA256
6f3954aad101b238afcfe6f77386eda5baf60b732c0bc0cd7c887138731725ed
-
SHA512
59818cef311a3c16e323d79c82f3fc072c480ea3c5734aa674b3a9bbeeafe6387c38f13293974e0aaf4fbb5e28f5daa3b11005ecbf757eb7e1896f26ee43ae1b
-
SSDEEP
24576:Khg4MROxnFR3KTn9rZlI0AilFEvxHizz:KhDMijKrZlI0AilFEvxHi
Behavioral task
behavioral1
Sample
6f3954aad101b238afcfe6f77386eda5baf60b732c0bc0cd7c887138731725ed.exe
Resource
win7-20240215-en
Malware Config
Extracted
orcus
GameSense
178.20.45.159:7777
fc0fdfbbb6484642afe5af9cb815aeb8
-
autostart_method
Registry
-
enable_keylogger
false
-
install_path
%temp%\Discord\Update.exe
-
reconnect_delay
10000
-
registry_keyname
Update
-
taskscheduler_taskname
Update
-
watchdog_path
Temp\Update.exe
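The extracted configuration above is what a responder turns into host and network indicators. The Python below is an added example, not part of the sandbox report or of Orcus itself: it builds indicators from the config values on this page (C2 host:port, install path, Run value name, task name, watchdog path, SHA256) and runs them over a handful of constructed Sysmon-style events. The event field names, the per-user temp directory used to expand %temp%, and the choice of Run keys are assumptions; the report says only "Registry". Because "Update" is a generic name for a Run value or scheduled task, a name hit alone is reported as low confidence and only becomes high when the value data or task action points at the configured install path.

```python
import re

# Values copied from the "Malware Config" section of this report.
ORCUS_CONFIG = {
    "c2": "178.20.45.159:7777",
    "install_path": r"%temp%\Discord\Update.exe",
    "registry_keyname": "Update",
    "taskscheduler_taskname": "Update",
    "watchdog_path": r"Temp\Update.exe",
    "sha256": "6f3954aad101b238afcfe6f77386eda5baf60b732c0bc0cd7c887138731725ed",
}

# Assumption: the report says "Registry" but not which key, so cover the
# usual per-user and per-machine Run locations.
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}

# Assumed per-user temp directory; real telemetry would expand it per host.
USER_TEMP = r"C:\Users\victim\AppData\Local\Temp"


def expand_temp(path: str, user_temp: str = USER_TEMP) -> str:
    """Expand a %temp% prefix case-insensitively, as the installer would.

    A callable replacement is used so the backslashes in user_temp are not
    interpreted as regex escapes.
    """
    return re.sub(r"%temp%", lambda _: user_temp, path, flags=re.IGNORECASE)


def build_indicators(cfg: dict = ORCUS_CONFIG) -> dict:
    """Turn the raw config into normalised (lower-cased) indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    return {
        "c2_host": host,
        "c2_port": int(port),
        "install_path": expand_temp(cfg["install_path"]).lower(),
        "run_value": cfg["registry_keyname"].lower(),
        "task_name": cfg["taskscheduler_taskname"].lower(),
        # watchdog_path is relative in the config; match it as a path suffix.
        "watchdog_suffix": "\\" + cfg["watchdog_path"].lower(),
        "sha256": cfg["sha256"].lower(),
    }


def match_event(ev: dict, ioc: dict) -> list:
    """Return (reason, confidence) pairs for one event; empty list = no match."""
    hits = []
    path = ev.get("path", "").lower()
    kind = ev["type"]
    if kind == "network":
        if ev.get("dst_ip") == ioc["c2_host"] and ev.get("dst_port") == ioc["c2_port"]:
            hits.append(("c2 connection", "high"))
    elif kind == "file":
        if path == ioc["install_path"]:
            hits.append(("install path", "high"))
        elif path.endswith(ioc["watchdog_suffix"]):
            hits.append(("watchdog path", "medium"))
        if ev.get("sha256", "").lower() == ioc["sha256"]:
            hits.append(("known sample hash", "high"))
    elif kind == "registry":
        if ev.get("key", "").lower() in RUN_KEYS and ev.get("value_name", "").lower() == ioc["run_value"]:
            data = ev.get("data", "").lower().strip('"')
            hits.append(("run key persistence", "high" if data == ioc["install_path"] else "low"))
    elif kind == "task":
        if ev.get("task_name", "").lower() == ioc["task_name"]:
            action = ev.get("action", "").lower().strip('"')
            hits.append(("scheduled task persistence", "high" if action == ioc["install_path"] else "low"))
    return hits


def scan(events: list, ioc: dict = None) -> list:
    """Run every event through match_event; returns [(index, hits), ...]."""
    ioc = ioc or build_indicators()
    return [(i, h) for i, ev in enumerate(events) if (h := match_event(ev, ioc))]


# Constructed telemetry (not from the report): one event per indicator family
# plus benign look-alikes that share the generic "Update" name.
SAMPLE_EVENTS = [
    {"type": "file", "path": r"C:\Users\victim\AppData\Local\Temp\Discord\Update.exe",
     "sha256": ORCUS_CONFIG["sha256"]},
    {"type": "file", "path": r"C:\Users\victim\AppData\Local\Temp\Update.exe"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Update", "data": r'"C:\Users\victim\AppData\Local\Temp\Discord\Update.exe"'},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "Update", "data": r"C:\Program Files\Vendor\Updater.exe"},
    {"type": "task", "task_name": "Update", "action": r"C:\Program Files\Vendor\Updater.exe"},
    {"type": "network", "dst_ip": "178.20.45.159", "dst_port": 7777},
    {"type": "network", "dst_ip": "178.20.45.159", "dst_port": 443},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(idx, SAMPLE_EVENTS[idx]["type"], hits)
```

The watchdog indicator is deliberately a suffix match: the config stores it relative ("Temp\Update.exe"), and the report does not say which directory it is resolved against, so an exact path cannot be derived from this page alone.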
Targets
-
Target
6f3954aad101b238afcfe6f77386eda5baf60b732c0bc0cd7c887138731725ed
-
Orcus main payload
-
Orcus RAT executable
-
Checks computer location settings
Looks up the country code configured in the registry, likely used as a geofence to avoid running in particular regions.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-