General
-
Target
43e36fd935092b8ac4c90d77c5fc81ef31b0e917aea3e081f246341ff7532ae3
-
Size
5.0MB
-
Sample
250112-bqh3ss1jhk
-
MD5
a846562bd184159534ac6b3d620ca797
-
SHA1
a6b359a0c8b73437cd9e767dca3c235879efc61d
-
SHA256
43e36fd935092b8ac4c90d77c5fc81ef31b0e917aea3e081f246341ff7532ae3
-
SHA512
7a5d8d56d04bab387234e6b7cc09166d57f9e2c3afd45c5fa8d72ac34e61b36bd071c3f9978ada031c5b15262ae9818dd173fa527a6a6b404b2927a13c6a45ad
-
SSDEEP
12288:roHWszy2LkjKgEX0pq5g7dG1lFlWcYT70pxnnaaoaw1m9cfpCt6IV641rZNrI0A:feu4MROxnF0qrZlI0AilFEvxHiii3
Malware Config
Extracted
orcus
лох
0.0.0.0:1268
2238131840d049628c048d3c6288c463
-
autostart_method
TaskScheduler
-
enable_keylogger
false
-
install_path
%programfiles%\Orcus\Orcus.exe
-
reconnect_delay
10000
-
registry_keyname
Orcus
-
taskscheduler_taskname
Orcus
-
watchdog_path
AppData\OrcusWatchdog.exe
Targets
-
-
Target
43e36fd935092b8ac4c90d77c5fc81ef31b0e917aea3e081f246341ff7532ae3
-
Size
5.0MB
-
MD5
a846562bd184159534ac6b3d620ca797
-
SHA1
a6b359a0c8b73437cd9e767dca3c235879efc61d
-
SHA256
43e36fd935092b8ac4c90d77c5fc81ef31b0e917aea3e081f246341ff7532ae3
-
SHA512
7a5d8d56d04bab387234e6b7cc09166d57f9e2c3afd45c5fa8d72ac34e61b36bd071c3f9978ada031c5b15262ae9818dd173fa527a6a6b404b2927a13c6a45ad
-
SSDEEP
12288:roHWszy2LkjKgEX0pq5g7dG1lFlWcYT70pxnnaaoaw1m9cfpCt6IV641rZNrI0A:feu4MROxnF0qrZlI0AilFEvxHiii3
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcus family
-
Orcus main payload
-
Orcurs Rat Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-