General
-
Target
Rc7- Cracked by Roque Exploitzz.exe
-
Size
907KB
-
Sample
240723-j8y6qsweqb
-
MD5
5668bd983341f9ffd4726d887090b64c
-
SHA1
1a150545d2fb65240101f9466b1043269b379f25
-
SHA256
afb1bf7f37ba0ff0ccd8fa29c7089abc4975fef56155ab9f3c1535fea70b1f0d
-
SHA512
0dcb2b2a1c2ee10c3b3727e3cfde698ec339569003bc3e18a6b76de65e7497080799d2e52fae234cb4e5ab518a296bf0d4f2f350f0571a1b39bc8b3e584c6ed1
-
SSDEEP
24576:nhv4MROxnFj3IrkxrrcI0AilFEvxHPyooT:nKMi1UqrrcI0AilFEvxHP
Behavioral task
behavioral1
Sample
Rc7- Cracked by Roque Exploitzz.exe
Resource
win10v2004-20240709-en
Malware Config
Extracted
orcus
wowthatsagoodmeme.ddns.net:10134
4be6c8113962424a916b8095b89af0c9
-
autostart_method
Registry
-
enable_keylogger
true
-
install_path
%appdata%\WlNDOWS DEFENDER\UPDATER.exe
-
reconnect_delay
10000
-
registry_keyname
Wlndows Defender
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\%appdata%/WlNDOWS DEFENDER/WlNDOWS DEFENDER UPDATER.exe
Targets
-
-
Target
Rc7- Cracked by Roque Exploitzz.exe
-
Size
907KB
-
MD5
5668bd983341f9ffd4726d887090b64c
-
SHA1
1a150545d2fb65240101f9466b1043269b379f25
-
SHA256
afb1bf7f37ba0ff0ccd8fa29c7089abc4975fef56155ab9f3c1535fea70b1f0d
-
SHA512
0dcb2b2a1c2ee10c3b3727e3cfde698ec339569003bc3e18a6b76de65e7497080799d2e52fae234cb4e5ab518a296bf0d4f2f350f0571a1b39bc8b3e584c6ed1
-
SSDEEP
24576:nhv4MROxnFj3IrkxrrcI0AilFEvxHPyooT:nKMi1UqrrcI0AilFEvxHP
Score10/10-
Orcus main payload
-
Orcurs Rat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-