orcus | bdca302a43dfd30f874ce13b2a20f4211e7bd88eba40a0c41f30873389133d3d | Triage

Sharing

General

Target

BDCA302A43DFD30F874CE13B2A20F4211E7BD88EBA40A.exe
Size

789KB
Sample

210731-hyxf5s8kk2
MD5

75e95a530e5fe926bcca7c2c1a008e18
SHA1

ff759b9abdd18c05b51509f92146a801f3fae939
SHA256

bdca302a43dfd30f874ce13b2a20f4211e7bd88eba40a0c41f30873389133d3d
SHA512

ad2cc5878b248cda26e5464dea496ea67ddd9bdf120c56dceee2581a167ae0771d19b68c19b62f4c487d045b0680c7d3892ba8aa99023e93b6391ea8d49821da

Score

10^/10

orcus $evasion rat spyware stealer trojan

Malware Config

Extracted

Family

orcus

Botnet

$

C2

lsdw.dyndns.org:10134

Mutex

bad69595827c48b5b9b2ea99aaff68b6

Attributes

autostart_method
Disable
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  BDCA302A43DFD30F874CE13B2A20F4211E7BD88EBA40A.exe
- Size
  
  789KB
- MD5
  
  75e95a530e5fe926bcca7c2c1a008e18
- SHA1
  
  ff759b9abdd18c05b51509f92146a801f3fae939
- SHA256
  
  bdca302a43dfd30f874ce13b2a20f4211e7bd88eba40a0c41f30873389133d3d
- SHA512
  
  ad2cc5878b248cda26e5464dea496ea67ddd9bdf120c56dceee2581a167ae0771d19b68c19b62f4c487d045b0680c7d3892ba8aa99023e93b6391ea8d49821da
Score

10^/10

orcus $evasion rat spyware stealer trojan
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- UAC bypass
  evasion trojan
- Orcurs Rat Executable
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Bypass User Account Control

Scheduled Task

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

orcus$evasionratspywarestealertrojan

behavioral2

orcus$evasionratspywarestealertrojan