orcus

General

Target

25BE4FB3B1C478E02194503047AC838A.exe
Size

911KB
Sample

210629-3betpwy4qj
MD5

25be4fb3b1c478e02194503047ac838a
SHA1

a4223aa801bae210d077ea9c30835bdd3a82aa22
SHA256

28506529f97de0d6a877427c102e62425f63c764dd2d55f4510dcc5d49335085
SHA512

67cf89cd1d3592044d878f4876a2f7a2a2e8412ec13c16b977b2ba8512cd94970c8058479e39c436691d1c95f3c795feb9ce464cbb4923bf8e12b74c03f71df6

Score

10^/10

Malware Config

Extracted

Family

orcus

C2

74.201.28.60:4296

Mutex

Hysteria4

Attributes

autostart_method
Registry
enable_keylogger
false
install_path
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\O\WindowsUserApplicationData.exe
reconnect_delay
10000
registry_keyname
Hysteria
taskscheduler_taskname
Hysteria
watchdog_path
AppData\WindowsUserApplicationData.exe

Targets

- Target
  
  25BE4FB3B1C478E02194503047AC838A.exe
- Size
  
  911KB
- MD5
  
  25be4fb3b1c478e02194503047ac838a
- SHA1
  
  a4223aa801bae210d077ea9c30835bdd3a82aa22
- SHA256
  
  28506529f97de0d6a877427c102e62425f63c764dd2d55f4510dcc5d49335085
- SHA512
  
  67cf89cd1d3592044d878f4876a2f7a2a2e8412ec13c16b977b2ba8512cd94970c8058479e39c436691d1c95f3c795feb9ce464cbb4923bf8e12b74c03f71df6
Score

10^/10

orcus persistence rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus Main Payload
- Orcurs Rat Executable
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Orcus Main Payload

Orcurs Rat Executable

Executes dropped EXE

Drops startup file

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2