General
-
Target
128f9907493f02c86832e77ee1baeb50.exe
-
Size
1022KB
-
Sample
240520-rlneqaeb81
-
MD5
128f9907493f02c86832e77ee1baeb50
-
SHA1
1a5f9e929ed8f3a83073156403a2cd943f29523b
-
SHA256
f877b39e42932d1cb0bb2df1742c5fb492fdca752970e3397e733218d112be7b
-
SHA512
be49646190ff383c3f9e9d6018c66abdbb86b6a807c6d8b2c789c33b9db6dc1ea99044b96feb54ec6cde0b46ab0c807c8005739ffd84ac181c22cb616185b684
-
SSDEEP
24576:le3veFbXAD9zWi4MxO6m6b/fYLGACf9Dtc2PyY:le/etqzXOu1Ff9DtTy
Malware Config
Extracted
orcus
45.157.69.156:443
3b453ed253424c82a94898f42bb6a1be
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
-
-
Target
128f9907493f02c86832e77ee1baeb50.exe
-
Size
1022KB
-
MD5
128f9907493f02c86832e77ee1baeb50
-
SHA1
1a5f9e929ed8f3a83073156403a2cd943f29523b
-
SHA256
f877b39e42932d1cb0bb2df1742c5fb492fdca752970e3397e733218d112be7b
-
SHA512
be49646190ff383c3f9e9d6018c66abdbb86b6a807c6d8b2c789c33b9db6dc1ea99044b96feb54ec6cde0b46ab0c807c8005739ffd84ac181c22cb616185b684
-
SSDEEP
24576:le3veFbXAD9zWi4MxO6m6b/fYLGACf9Dtc2PyY:le/etqzXOu1Ff9DtTy
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcurs Rat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-