Extracted

• • Target

    0364a3e0405bb8339abb28e24df1e88a1874ff283de9c81edac84e39a8b73c83

  • Size

    910KB

  • MD5

    4d67c5767748dc2feefe86ab7a104a35

  • SHA1

    99bce029c8f3efe7d491b1fa8a9fb49df2873fa1

  • SHA256

    0364a3e0405bb8339abb28e24df1e88a1874ff283de9c81edac84e39a8b73c83

  • SHA512

    180b2f9ee8930e328fb9ee47d4d5a8b4f4209ea68949329c17d9027c3fb4472f174a69b5858bf49aca97b257085e12109a47b1837f33d093fdcbe364d01fc508

  • SSDEEP

    24576:INL34MROxnFf3HumxrrcI0AilFEvxHPzrooB:IWMidDrrcI0AilFEvxHP

  Score

  10^/10

  orcusdiscoveryratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcus main payload

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  behavioral1behavioral2