orcus | Mon May 03 2021 20_24_50 GMT-0500 (Central Daylight Time)[.]zip | Triage

Sharing

General

Target

Mon May 03 2021 20_24_50 GMT-0500 (Central Daylight Time).zip
Size

910KB
MD5

f3c901a028f999c9d7d09e585c0a1f91
SHA1

d07976b18d63711f6185817ec9dfb1978a00189e
SHA256

3a83243f35fa61fb6586f5bf2032597fa8bd6fa32c067f011e7b170c5f7ab529
SHA512

88a857cc5f1da6053fd4ecc839c6669891b310e5b527967fb4e9547431236ac4bb5a9662470d867966b42dd74eff941162accbe9ac1b02e54b06601c3ba233fb

Score

10^/10

orcus

Malware Config

Extracted

Family

orcus

C2

179.43.176.20:5555

Mutex

ae22de65f6d645a28ca19a1a6708c2e6

Attributes

autostart_method
Registry
enable_keylogger
true
install_path
%appdata%\retry\retry.exe
reconnect_delay
10000
registry_keyname
retry
taskscheduler_taskname
retry
watchdog_path
AppData\retryWatchdog.exe

Signatures

Orcurs Rat Executable 2 IoCs

Processes:

resource	yara_rule
sample	orcus
static1/unpack001/fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6	orcus

Orcus Main Payload 2 IoCs

Processes:

resource	yara_rule
sample	family_orcus
static1/unpack001/fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6	family_orcus

Orcus family
orcus

Files

Mon May 03 2021 20_24_50 GMT-0500 (Central Daylight Time).zip
.zip
fb302575202fbad92bacb697b475319bb868c43b8ffc62a5b251ff773e76dbc6
.exe windows x86