General
-
Target
ezz.exe
-
Size
839KB
-
Sample
250115-yzwftavnbr
-
MD5
fb5f2a9dc11615c13e4c82a40b9fc9d8
-
SHA1
3016dcc9b220f466f149904ddf5fa37fe130c71d
-
SHA256
590df9d725bd0779f6b4ad03e59c3be6c1b6682c8871eaaf44707fdc6688a5de
-
SHA512
450cc8a0aae2110cd30fc6d89d37ac0364f56c281a4cc502e049579b17bf3d8e3cd66d2ca0308b05eb235431cd3dc3b8de860af5832415dc65c2f3d77b490249
-
SSDEEP
24576:p0S04YNEMuExDiU6E5R9s8xY/2l/dLtnIbt+r8:ps4auS+UjfU2TLdIbt+r
Malware Config
Extracted
orcus
0.tcp.ngrok.io
6ac35dadbe784865901cb0fd28c393c9
-
administration_rights_required
false
-
anti_debugger
false
-
anti_tcp_analyzer
false
-
antivm
false
-
autostart_method
1
-
change_creation_date
false
-
force_installer_administrator_privileges
false
-
hide_file
false
-
install
false
-
installation_folder
%TEMP%
-
installservice
false
-
keylogger_enabled
false
-
newcreationdate
04/02/2021 00:00:00
-
plugins
AgEAAA==
-
reconnect_delay
10000
-
registry_autostart_keyname
Audio HD Driver
-
registry_hidden_autostart
false
-
set_admin_flag
false
-
tasksch_name
Audio HD Driver
-
tasksch_request_highest_privileges
false
-
try_other_autostart_onfail
false
Targets
-
-
Target
ezz.exe
-
Size
839KB
-
MD5
fb5f2a9dc11615c13e4c82a40b9fc9d8
-
SHA1
3016dcc9b220f466f149904ddf5fa37fe130c71d
-
SHA256
590df9d725bd0779f6b4ad03e59c3be6c1b6682c8871eaaf44707fdc6688a5de
-
SHA512
450cc8a0aae2110cd30fc6d89d37ac0364f56c281a4cc502e049579b17bf3d8e3cd66d2ca0308b05eb235431cd3dc3b8de860af5832415dc65c2f3d77b490249
-
SSDEEP
24576:p0S04YNEMuExDiU6E5R9s8xY/2l/dLtnIbt+r8:ps4auS+UjfU2TLdIbt+r
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Drops file in System32 directory
-