orcus | e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4 | Triage

Submit
Reports

Overview

overview

Static

static

e02850224e...e4.exe

windows7-x64

7

e02850224e...e4.exe

windows10-2004-x64

7

Sharing

General

Target

e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4
Size

932KB
Sample

241121-b3al7ayclq
MD5

19eb4feed67a15713b756b0335a308ed
SHA1

9e3166f1040cd8345df21a48c630c4a0f4ac3c87
SHA256

e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4
SHA512

f667afc5f62cdf4a241cf5f53a40b95393a8d5731e982dc3ad55a0366da38c74495d4cd22f05ecb95e302b09850ebade9684ef228ae3a83b7e3acd7cf1bc90d0
SSDEEP

24576:G9T4MROxnFE3GrXpErZlI0AilFEvxHiKW:G90MiukpErZlI0AilFEvxHi

Score

10^/10

orcus discovery

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4.exe

Resource

win7-20240903-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

orcus

C2

192.168.0.2:25565

Mutex

8205ee58b99544f9b60289e2f6a7e980

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OperaWatchdog.exe

Targets

- Target
  
  e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4
- Size
  
  932KB
- MD5
  
  19eb4feed67a15713b756b0335a308ed
- SHA1
  
  9e3166f1040cd8345df21a48c630c4a0f4ac3c87
- SHA256
  
  e02850224e42be3bb2e7de2eccbab2fea66c18a4ee309532ca5e59350d68eae4
- SHA512
  
  f667afc5f62cdf4a241cf5f53a40b95393a8d5731e982dc3ad55a0366da38c74495d4cd22f05ecb95e302b09850ebade9684ef228ae3a83b7e3acd7cf1bc90d0
- SSDEEP
  
  24576:G9T4MROxnFE3GrXpErZlI0AilFEvxHiKW:G90MiukpErZlI0AilFEvxHi
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy