orcus | 28027fae1edf2324a8165c9f1a82273f958385c4947e8750a6bdcf29ec2e4906 | Triage

Submit
Reports

Overview

overview

Static

static

5AA7713FD7...78.exe

windows7_x64

5AA7713FD7...78.exe

windows10_x64

Sharing

General

Target

5AA7713FD72747A1EBA1CD2186964478.exe
Size

917KB
Sample

210620-64v53dkdwn
MD5

5aa7713fd72747a1eba1cd2186964478
SHA1

26dc8e8926e6e3a4d3983d2a0321d4f3b9fc1c95
SHA256

28027fae1edf2324a8165c9f1a82273f958385c4947e8750a6bdcf29ec2e4906
SHA512

82d55d7fcfdb9ef7471bcaf48d5fda92bb63995a88c8204ac09a934350bd47ac7d473b1b9f318b1613b332cd82412dfc1db2176d7cecaf29991ac721603e426b

Score

10^/10

orcus eblan rat spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

5AA7713FD72747A1EBA1CD2186964478.exe

Resource

win7v20210410

orcus eblan rat spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5AA7713FD72747A1EBA1CD2186964478.exe

Resource

win10v20210408

orcus eblan rat spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

orcus

Botnet

eblan

C2

orcustop4ik.duckdns.org:2

Mutex

1ccc713a8fed4f97bdd7c792b7cfe3e1

Attributes

autostart_method
TaskScheduler
enable_keylogger
true
install_path
%Windir%\WindowsWD\Windowsdefender.exe
reconnect_delay
10000
registry_keyname
MyPhone
taskscheduler_taskname
MyPhone
watchdog_path
AppData\WindowsVH\svhost.exe

Targets

- Target
  
  5AA7713FD72747A1EBA1CD2186964478.exe
- Size
  
  917KB
- MD5
  
  5aa7713fd72747a1eba1cd2186964478
- SHA1
  
  26dc8e8926e6e3a4d3983d2a0321d4f3b9fc1c95
- SHA256
  
  28027fae1edf2324a8165c9f1a82273f958385c4947e8750a6bdcf29ec2e4906
- SHA512
  
  82d55d7fcfdb9ef7471bcaf48d5fda92bb63995a88c8204ac09a934350bd47ac7d473b1b9f318b1613b332cd82412dfc1db2176d7cecaf29991ac721603e426b
Score

10^/10

orcus eblan rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus Main Payload
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

orcuseblanratspywarestealer

behavioral2

orcuseblanratspywarestealer

© 2018-2024

Terms | Privacy