Extracted

• • Target

    Kira.exe

  • Size

    3.3MB

  • MD5

    35e41d1dc3e84b3eea60b9809199f3fa

  • SHA1

    b8d2154bb56f0ad94effa5e8c57f4b51e345bf73

  • SHA256

    dd3ee854f6f62c1c964b74dc71fce2da6d29bdf1b8320f5173b1bce54e7c3413

  • SHA512

    a1cd7dc83a0304c46fdf0fe4855880f4d97a18fdef321674a4d00bade7afd8ea64530c55e1a9bd1e1ffce196ee7957f5227d42fdb9f33ecda8b8fae29d11c77a

  • SSDEEP

    49152:gHBVPVP2ym8r2JdVTWRh1/6/R1I9AihZZ7WEqnXrtRI93iS5TChmqrjyBE3Hi8uy:iRAMBChm+jwE3HSOZssBs+H

  Score

  10^/10

  orcusdiscoveryratspywarestealer

  • Orcus

    Orcus is a Remote Access Trojan that is being sold on underground forums.

    ratspywarestealerorcus

  • Orcus family

    orcus

  • Orcurs Rat Executable

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  behavioral1