Extracted

• • Target

    93db7516173baef742090e042347142ab0c48ab7d5175417ec7aa10ae66961fe

  • Size

    3.0MB

  • MD5

    035a7d77f518443bed37aba5e028437d

  • SHA1

    2b4090d2c65e08fda29b48e1a43267f132f76a53

  • SHA256

    93db7516173baef742090e042347142ab0c48ab7d5175417ec7aa10ae66961fe

  • SHA512

    ea59649116c3137123c6ced6c51e977770bcaf2a3446a9bf7d06e1d90aad055dae18d55364749b8050f72dba8674325d8af1fe3b46146ed29a256e58717b063e

  • SSDEEP

    49152:gjXS4QZeM9/sj9aB50J5srKq9lPAypQxbvVo9JnCm8eWncFfHIp4gJ3DF:gmKSf0HcyypSbvVo9JCm

  Score

  10^/10

  orcusdiscoverypersistenceratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2