Extracted

• • Target

    7d5a9ed595cb27651d91a53abc6670a76d32d7465c28e7044395402f9dad5a4c

  • Size

    912KB

  • MD5

    f48aabd1c6be6b533f4adf2e1a94c0c8

  • SHA1

    1d6a0fc0fc8e4fb8c0db9645cd6a2399e1edee91

  • SHA256

    7d5a9ed595cb27651d91a53abc6670a76d32d7465c28e7044395402f9dad5a4c

  • SHA512

    0b0b3251166708bb8bbd3ff8da03c84c46869d09718309ffa79c9ead6a8c4b2f7ca5b998283253f8b6e578329250e93f19aac3c5f5aa121aa930354a70076c58

  • SSDEEP

    24576:0am4MROxnFrFPurerrcI0AilFEvxHPtzoop:0OMiMerrcI0AilFEvxHP

  Score

  10^/10

  orcusnerofratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2