Extracted

• • Target

    asynced.exe

  • Size

    3.0MB

  • MD5

    e9ef5e3e933bde251efc8782a144a914

  • SHA1

    65391af972f53b83c3a25d01474908e247d29af9

  • SHA256

    eaae55454ba3a037f6fc934d38fd9574da848fa7b6bfc0dcf986f9b43ea1e224

  • SHA512

    c902c713e3c750ddd02c6d67efa7c12500acaf956ea69cb5bf6ea0dcdb0436d8b09971ef2ca47a39771bb20aa59b9a7072428d531eb519fa3fbf0b4d39841546

  • SSDEEP

    49152:eNODf7+QSLqZeM9/04zgaMWUljQfJgVXkKAypQxb0/o9JnCmsWncFf0I74gu3zM:egyb2MnjQBEUNypSb6o9JCm

  Score

  10^/10

  orcusratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1behavioral2