orcus | 994d07673de5e6dde1e1292d3502ce4f122c18e112a196278ee5f269b517399c | Triage

Submit
Reports

Overview

overview

Static

static

Valorant S...at.exe

windows7_x64

Valorant S...at.exe

windows10_x64

Sharing

General

Target

Valorant Script.bat.exe
Size

1.4MB
Sample

210526-v1egykknse
MD5

637b3b849ab42985bd2bc59982202df9
SHA1

359dab386ed04c7e9bf1dac6af68ff4b70ee6d71
SHA256

994d07673de5e6dde1e1292d3502ce4f122c18e112a196278ee5f269b517399c
SHA512

db676cc9cc802d57093b6a71a4cba36e84b93e3ca57c421dc3998c219d711cbdadb3537db2d60b94ad14da5cce1c484a59d8d98ddff112715840d218f1d55488

Score

10^/10

orcus lol rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Valorant Script.bat.exe

Resource

win7v20210410

orcus lol rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Valorant Script.bat.exe

Resource

win10v20210408

orcus lol rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

orcus

Botnet

lol

C2

isnadsknsbs-38398.portmap.host:12201

Mutex

e1b8920439fc43a68e4d8395e70dc516

Attributes

autostart_method
TaskScheduler
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  Valorant Script.bat.exe
- Size
  
  1.4MB
- MD5
  
  637b3b849ab42985bd2bc59982202df9
- SHA1
  
  359dab386ed04c7e9bf1dac6af68ff4b70ee6d71
- SHA256
  
  994d07673de5e6dde1e1292d3502ce4f122c18e112a196278ee5f269b517399c
- SHA512
  
  db676cc9cc802d57093b6a71a4cba36e84b93e3ca57c421dc3998c219d711cbdadb3537db2d60b94ad14da5cce1c484a59d8d98ddff112715840d218f1d55488
Score

10^/10

orcus lol rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus Main Payload
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcuslolratspywarestealer

behavioral2

orcuslolratspywarestealer

© 2018-2024

Terms | Privacy