Extracted

• • Target

    9bac75ad2bd5b1e382da455301ff67d7db4a968f06458617f3a80703730a9982

  • Size

    3.0MB

  • MD5

    76ebe65d072c9e73120712feda61382a

  • SHA1

    6dc8c943173592d2c950d622c01b37617acc6d73

  • SHA256

    9bac75ad2bd5b1e382da455301ff67d7db4a968f06458617f3a80703730a9982

  • SHA512

    6661d11afe52f54a10a6f1ad0b9a13954731e8c6b912f6fe94d29e9164599ee5f80d47a679cc44bbd0a458d065b0cb39a863272b42402c4c64d9ae87f6955698

  • SSDEEP

    49152:X1JS4QZeM9/sj9aB50J5srKq9lPAypQxbvVo9JnCmhT0WncFfHIp4gJ3eF:XGKSf0HcyypSbvVo9JCm

  Score

  10^/10

  orcusdiscoveryratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops file in System32 directory

  behavioral1behavioral2