Overview

overview

10

Static

static

10

Document-O‮fdp.scr

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Document-O‮fdp.scr

  • Size

    912KB

  • Sample

    220910-r78yjsdhhl

  • MD5

    6e8d195ca9f7229c0e6a188a5567fef9

  • SHA1

    255f5930a85f27ecd67ddaf06ac1c12c8556d9d2

  • SHA256

    c9033b15800da213a0781427c0a391c77e97d535ab7fdf9ad18ccd69b8d13f96

  • SHA512

    9b39046aec6e2e6ee0ccd164640144a83ba7427cf7e51b03a0c9604f4fdbd61c031e6f27fc1d1c4f3a2f76f28b814d4fcb1190333dfc216da8365000b234e0ee

  • SSDEEP

    24576:FEqr4MROxnFG5bYmfFhQvrZlI0AilFEvxHiAi:FEjMiTvrZlI0AilFEvxHi

Score
10/10
orcusratspywarestealer

Malware Config

Extracted

Family

orcus

C2

0.0.0.0:10134

Mutex

f8c9611e2112460ba83917f5b7179cbb

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      Document-O‮fdp.scr

    • Size

      912KB

    • MD5

      6e8d195ca9f7229c0e6a188a5567fef9

    • SHA1

      255f5930a85f27ecd67ddaf06ac1c12c8556d9d2

    • SHA256

      c9033b15800da213a0781427c0a391c77e97d535ab7fdf9ad18ccd69b8d13f96

    • SHA512

      9b39046aec6e2e6ee0ccd164640144a83ba7427cf7e51b03a0c9604f4fdbd61c031e6f27fc1d1c4f3a2f76f28b814d4fcb1190333dfc216da8365000b234e0ee

    • SSDEEP

      24576:FEqr4MROxnFG5bYmfFhQvrZlI0AilFEvxHiAi:FEjMiTvrZlI0AilFEvxHi

    Score
    10/10
    orcusratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks