Extracted

• • Target

    2342.exe

  • Size

    907KB

  • MD5

    840aae69e0ade8737af46709b0e70a12

  • SHA1

    7cd1b72849c21e22e00677350565eee5fd004cb9

  • SHA256

    7a6299c1f92c23741b546f6445655d2b28d5ec591719d7c55f942316c867f21c

  • SHA512

    873798481adbeddb4011b43e1dfda20f73d4cc30cda5c964504f60fc42c71aa486b10da9330f4d90c2c457b758e0c14e8274a1b3c920ed166b60a9b523f51092

  • SSDEEP

    12288:foHWszy2LkjKgEX0pq5g7dG1lFlWcYT70pxnnaaoawvjKgRRAYrZNrI0AilFEvxH:Deu4MROxnFDgHLrZlI0AilFEvxHidE

  Score

  10^/10

  orcusratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcus main payload

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops desktop.ini file(s)

  behavioral1behavioral2