Extracted

• • Target

    fa2bbc8089706adc0ded30753f526ef1fcab3a1069ab99caba7e8e3ea26d7e6e

  • Size

    3.0MB

  • MD5

    7f580432eb19d02f431c76b06da0b824

  • SHA1

    4c781782cf508ce8012f9987a413e720db9205e3

  • SHA256

    fa2bbc8089706adc0ded30753f526ef1fcab3a1069ab99caba7e8e3ea26d7e6e

  • SHA512

    f9f38b26e7c09c45c899ab1c395f684b3b4d6ea0a70b7d7a6e46a2b1edffd0da1ae4b001ba2a98abac234fdbad613d6b19f9d96260e6d9e2eb5dce2f49c99e34

  • SSDEEP

    49152:ZGX87p1EZKMnkmWg8LX5prviYDyKS5AypQxbRQAo9JnCmpKu/nRFfjI7L0qb:ZLHTPJg8z1mKnypSbRxo9JCm

  Score

  10^/10

  orcuscheckerdiscoveryratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcus main payload

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2