orcus | 88f3320f4bcd533c568b9ba53205deb1b0e430c3c32a1dfa0bfded03851114a8 | Triage

Submit
Reports

Overview

overview

Static

static

658CB5F3BD...83.exe

windows7_x64

658CB5F3BD...83.exe

windows10_x64

Sharing

General

Target

658CB5F3BD26B13BB619C625501D7283.exe
Size

907KB
Sample

210521-dtzh4fq5ds
MD5

658cb5f3bd26b13bb619c625501d7283
SHA1

55ed61f7bd39147201a022ec3f83edfc8c58e002
SHA256

88f3320f4bcd533c568b9ba53205deb1b0e430c3c32a1dfa0bfded03851114a8
SHA512

d932c5b58120b466ae3451ececbb9fc323603d70b728294dce88e8b911c38dd65f0a81ec8fbba7f4c7dd2b9f9f3304de318a5297703e1d94204c89c3be55ad91

Score

10^/10

orcus people rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

658CB5F3BD26B13BB619C625501D7283.exe

Resource

win7v20210408

orcus people rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

658CB5F3BD26B13BB619C625501D7283.exe

Resource

win10v20210410

orcus people rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

orcus

Botnet

People

C2

4.tcp.ngrok.io:16788

Mutex

55c8e5e3f5fe4794a3ef3a55735c66ad

Attributes

autostart_method
Registry
enable_keylogger
true
install_path
%appdata%\MultiRunner\MultiRunner.exe
reconnect_delay
10000
registry_keyname
MutliRunner
taskscheduler_taskname
MultiRunner
watchdog_path
AppData\MultiHelper.exe

Targets

- Target
  
  658CB5F3BD26B13BB619C625501D7283.exe
- Size
  
  907KB
- MD5
  
  658cb5f3bd26b13bb619c625501d7283
- SHA1
  
  55ed61f7bd39147201a022ec3f83edfc8c58e002
- SHA256
  
  88f3320f4bcd533c568b9ba53205deb1b0e430c3c32a1dfa0bfded03851114a8
- SHA512
  
  d932c5b58120b466ae3451ececbb9fc323603d70b728294dce88e8b911c38dd65f0a81ec8fbba7f4c7dd2b9f9f3304de318a5297703e1d94204c89c3be55ad91
Score

10^/10

orcus people rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus Main Payload
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcuspeopleratspywarestealer

behavioral2

orcuspeopleratspywarestealer

© 2018-2024

Terms | Privacy