Overview

overview

10

Static

static

1

31f17bf44f...b4.bat

windows7-x64

1

31f17bf44f...b4.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4.bat

  • Size

    3.5MB

  • Sample

    240424-blxemade3s

  • MD5

    45730c9d81cdc2677ea2bd082eb79edb

  • SHA1

    7ece7b975ab6506d83dac94f685e2cedbe56dd6b

  • SHA256

    31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4

  • SHA512

    d4504b96971c71e38207b56ada95f5e78f8536aaa88a3cbeebaa16627ff548f620672c0d4c61e74707fdc2662ec99584b5dc8d6e3fa1b7056f9595531422b687

  • SSDEEP

    49152:mR8s3zr/pxAN80OHguszxrEC/agxlnUrLvlKNNwI:d

Score
10/10
orcusratspywarestealer

Malware Config

Targets

    • Target

      31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4.bat

    • Size

      3.5MB

    • MD5

      45730c9d81cdc2677ea2bd082eb79edb

    • SHA1

      7ece7b975ab6506d83dac94f685e2cedbe56dd6b

    • SHA256

      31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4

    • SHA512

      d4504b96971c71e38207b56ada95f5e78f8536aaa88a3cbeebaa16627ff548f620672c0d4c61e74707fdc2662ec99584b5dc8d6e3fa1b7056f9595531422b687

    • SSDEEP

      49152:mR8s3zr/pxAN80OHguszxrEC/agxlnUrLvlKNNwI:d

    Score
    10/10
    orcusratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Detects executables containing common artifacts observed in infostealers

    • Detects executables manipulated with Fody

    • Orcurs Rat Executable

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks