Extracted

• • Target

    6d62bd507f45d3dda13b1e20f71705e614c6601bf85c1add695f64f1ce25fdaf

  • Size

    3.1MB

  • MD5

    a440503b1c50894d954d12cc8e341e56

  • SHA1

    33489285a75483d33876baa5880dcf418394b80a

  • SHA256

    6d62bd507f45d3dda13b1e20f71705e614c6601bf85c1add695f64f1ce25fdaf

  • SHA512

    42f36a654ca1fb2868a7d1026ef118a398285307c8f44b4e8e6d9c6d8090368c59ea232955d131839d30e63a56e317d1e068e725324a44a473b4522b5655ac2c

  • SSDEEP

    49152:oP7p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpiu/nRFfjI7L0qbg:oPHTPJg8z1mKnypSbRxo9JCml

  Score

  10^/10

  orcusnormdiscoveryratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcus main payload

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2