orcus | 3a83243f35fa61fb6586f5bf2032597fa8bd6fa32c067f011e7b170c5f7ab529 | Triage

Submit
Reports

Overview

overview

Static

static

fb30257520...c6.exe

windows7_x64

fb30257520...c6.exe

windows10_x64

Sharing

General

Target

f3c901a0_by_Libranalysis
Size

910KB
Sample

210504-6b98tm1lts
MD5

f3c901a028f999c9d7d09e585c0a1f91
SHA1

d07976b18d63711f6185817ec9dfb1978a00189e
SHA256

3a83243f35fa61fb6586f5bf2032597fa8bd6fa32c067f011e7b170c5f7ab529
SHA512

88a857cc5f1da6053fd4ecc839c6669891b310e5b527967fb4e9547431236ac4bb5a9662470d867966b42dd74eff941162accbe9ac1b02e54b06601c3ba233fb

Score

10^/10

orcus rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6.exe

Resource

win7v20210408

orcus rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6.exe

Resource

win10v20210410

orcus rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

orcus

C2

179.43.176.20:5555

Mutex

ae22de65f6d645a28ca19a1a6708c2e6

Attributes

autostart_method
Registry
enable_keylogger
true
install_path
%appdata%\retry\retry.exe
reconnect_delay
10000
registry_keyname
retry
taskscheduler_taskname
retry
watchdog_path
AppData\retryWatchdog.exe

Targets

- Target
  
  fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6
- Size
  
  910KB
- MD5
  
  743a525c8aa82ecf21086573633cb63b
- SHA1
  
  9615f9006e748901c7127c3b51ea10c2711a03c0
- SHA256
  
  fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6
- SHA512
  
  8401653399fcbe4721371e31a6fae2a25a27d251d0cc5d349c3d700087835a3dbdc41775cf5fb51d307c3a9c8e2b6eabe9d6e4123229317b78428817208e1dab
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus Main Payload
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

orcusratspywarestealer

behavioral2

orcusratspywarestealer

© 2018-2024

Terms | Privacy