General
-
Target
123.exe
-
Size
3.0MB
-
Sample
241008-pp6z5a1bng
-
MD5
07240cd6ba75c9de0b73c89e44d95b7a
-
SHA1
2081431367f5ecfcd338becc676dfdfc09324329
-
SHA256
a91db08cd243f4a8186026af1a99ea3d5c90ed868fb54c4465b115c8ec20c06d
-
SHA512
56fb58adc517326ecc8bdbade7a36fc14a47c5c1c6aecd6ca27b58c623b502d0c667d9fcb67db46dcdd397d1821b96ed350166451572e54fae2b6897df2d7ca9
-
SSDEEP
49152:snwEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmm8crZEu:snwtODUKTslWp2MpbfGGilIJPypSbxEe
Malware Config
Extracted
orcus
10.9.173.50:1337
c7a29885defe4dd8a65fbed3f3afa030
-
autostart_method
Disable
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
-
-
Target
123.exe
-
Size
3.0MB
-
MD5
07240cd6ba75c9de0b73c89e44d95b7a
-
SHA1
2081431367f5ecfcd338becc676dfdfc09324329
-
SHA256
a91db08cd243f4a8186026af1a99ea3d5c90ed868fb54c4465b115c8ec20c06d
-
SHA512
56fb58adc517326ecc8bdbade7a36fc14a47c5c1c6aecd6ca27b58c623b502d0c667d9fcb67db46dcdd397d1821b96ed350166451572e54fae2b6897df2d7ca9
-
SSDEEP
49152:snwEKO3T5adZKM0sz5otCeEvsDKx+msbfGGW8wlBKJwAypQxbxEo9JnCmm8crZEu:snwtODUKTslWp2MpbfGGilIJPypSbxEe
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcus main payload
-
Orcurs Rat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-