Extracted

• • Target

    FATALITY CS2.exe

  • Size

    924KB

  • MD5

    c81a86cb381a5ff2b05dc3d748cab736

  • SHA1

    dd3494d263c772c428e7db24b17c6b5e9380c418

  • SHA256

    3d3f9ad0edee3dc1cd897f9f4892d4e02ff15fa7d284d02079cf52ece0dbf315

  • SHA512

    60b6ea3f5312a6535c5eb1edd1b9e9363cdc1f7b99d66ca91d4af7dbc2b0e77be73eacf649e162e80b4ab0d3f0d7d1fab6f09eb3a59f6850099b3eeed10cc6b9

  • SSDEEP

    24576:uqSM4MROxnFE3zO3irrcI0AilFEvxHPRooo:7AMiugirrcI0AilFEvxHP

  Score

  10^/10

  orcusfatality cs2discoveryratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcus main payload

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Drops file in System32 directory

  behavioral1