General

  • Target

    9E01A75033D1B6A32628E48F855E8D38.exe

  • Size

    995KB

  • Sample

    250120-redxpssqem

  • MD5

    9e01a75033d1b6a32628e48f855e8d38

  • SHA1

    468634240b604340bbbb5b921df925c3f395fcf9

  • SHA256

    de0abb05a3ab58a6d7347837f219f7dbc84814d553eb2e28a393a2ebac90b565

  • SHA512

    a9b3473359edb262d3a6d6cef8d2b2e8744e8a2ad6fc29cc0d003646d58a50a0c5cdf912699ee8bf1ba898f6b52ab117386d0bcc26ac837fe5b6d5c2cd204356

  • SSDEEP

    24576:0NCnod4Mp+xnFN3Fs33SCarsvIENFIUHj/r1g:EOzM6zFs3CCarsvIENFIUHbrW

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus family

    • Orcus main payload

    • Orcus RAT Executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
