General
-
Target
394b08793f9fe3eb5fb28a5897ab9378eb8148139fd91644cc3f33c03f874919
-
Size
1.1MB
-
Sample
241206-be8t3s1rav
-
MD5
54347e3ae6be9d69ed6e88015e8a2db6
-
SHA1
dc582adf052059014ec7fdf151ad191fa85175ed
-
SHA256
394b08793f9fe3eb5fb28a5897ab9378eb8148139fd91644cc3f33c03f874919
-
SHA512
3210978088b571bd9fe1d14f1a4b483af28436b5730850fcad4e171616cf52b0a40ac210cf0cc565e17788fa83f2d5bb0fc1ae38ee721e80a1ccfa871a26458c
-
SSDEEP
24576:/Wnsll7mfUe+VnaFCnIR7XSA3Kd4Mp+xnFl3U:fvhe+naFCnIR7XSA6qM6H
Malware Config
Targets
-
-
Target
394b08793f9fe3eb5fb28a5897ab9378eb8148139fd91644cc3f33c03f874919
-
Size
1.1MB
-
MD5
54347e3ae6be9d69ed6e88015e8a2db6
-
SHA1
dc582adf052059014ec7fdf151ad191fa85175ed
-
SHA256
394b08793f9fe3eb5fb28a5897ab9378eb8148139fd91644cc3f33c03f874919
-
SHA512
3210978088b571bd9fe1d14f1a4b483af28436b5730850fcad4e171616cf52b0a40ac210cf0cc565e17788fa83f2d5bb0fc1ae38ee721e80a1ccfa871a26458c
-
SSDEEP
24576:/Wnsll7mfUe+VnaFCnIR7XSA3Kd4Mp+xnFl3U:fvhe+naFCnIR7XSA6qM6H
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcus family
-
Orcus main payload
-
Looks for VirtualBox Guest Additions in registry
-
Orcurs Rat Executable
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-