Extracted

• • Target

    8a84df75a293de90b0afab38e0cdd128741bd974e4721d758b6a313466c2360e

  • Size

    893KB

  • MD5

    94aaf96130087168fd841b7d1b6d1033

  • SHA1

    075a59258f1b501b2f44e800a16f676b368fb30d

  • SHA256

    8a84df75a293de90b0afab38e0cdd128741bd974e4721d758b6a313466c2360e

  • SHA512

    31d614b2e1fb50289b9ac7e283422b7700c9875606d8d6fbe870f46e5627f7cca9a37b30084158fd39ed10a00ffff549b1e0d96619c414ea11d9b53f4e6fbd5e

  • SSDEEP

    12288:1NmZ8wcD2K5hxdG1lFlWcYr70RxnnaaoaMx9C6VJudQBznRFfhIKw7I/i2JFRw:1gawcR4Mp+xnFyvy+nRFfhIK8I/i2JU

  Score

  10^/10

  orcuspersistenceratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus main payload

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2