Malware Analysis Report

2025-03-15 06:53

Sample ID 231202-l8jgdsbf89
Target NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe
SHA256 a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a
Tags
orcus rat spyware stealer
score
10/10

Analysis Overview

score
10/10

SHA256

a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a

Threat Level: Known bad

The file NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe was found to be: Known bad.

Malicious Activity Summary

orcus rat spyware stealer

Orcus main payload

Orcus

Orcurs Rat Executable

Orcus family

Orcurs Rat Executable

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-02 10:12

Signatures

Orcurs Rat Executable

Description Indicator Process Target
N/A N/A N/A N/A

Orcus family

orcus

Orcus main payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-02 10:12

Reported

2023-12-02 10:14

Platform

win7-20231201-en

Max time kernel

122s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe"

Signatures

Orcus

rat spyware stealer orcus

Orcurs Rat Executable

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe"

Network

N/A

Files

memory/2052-0-0x0000000000BB0000-0x0000000000CAC000-memory.dmp

memory/2052-1-0x0000000074100000-0x00000000747EE000-memory.dmp

memory/2052-2-0x0000000004AB0000-0x0000000004AF0000-memory.dmp

memory/2052-3-0x0000000000480000-0x000000000048E000-memory.dmp

memory/2052-4-0x00000000009B0000-0x0000000000A0C000-memory.dmp

memory/2052-5-0x0000000000840000-0x0000000000852000-memory.dmp

memory/2052-6-0x0000000000860000-0x0000000000868000-memory.dmp

memory/2052-7-0x0000000074100000-0x00000000747EE000-memory.dmp

memory/2052-8-0x0000000004AB0000-0x0000000004AF0000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-02 10:12

Reported

2023-12-02 10:14

Platform

win10v2004-20231130-en

Max time kernel

125s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe"

Signatures

Orcus

rat spyware stealer orcus

Orcurs Rat Executable

Description Indicator Process Target
N/A N/A N/A N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.a44b0be2c74e01978623100390d29d0ca4aec844b4f52356c0f6b4b4125d7a3a.exe"

Network

Files

memory/2056-0-0x0000000000170000-0x000000000026C000-memory.dmp

memory/2056-1-0x0000000074590000-0x0000000074D40000-memory.dmp

memory/2056-2-0x0000000004C20000-0x0000000004C30000-memory.dmp

memory/2056-3-0x0000000002640000-0x000000000264E000-memory.dmp

memory/2056-4-0x0000000004C30000-0x0000000004C8C000-memory.dmp

memory/2056-5-0x0000000005320000-0x00000000058C4000-memory.dmp

memory/2056-6-0x0000000004D70000-0x0000000004E02000-memory.dmp

memory/2056-7-0x0000000004D40000-0x0000000004D52000-memory.dmp

memory/2056-8-0x0000000004D50000-0x0000000004D58000-memory.dmp

memory/2056-9-0x0000000005310000-0x000000000531A000-memory.dmp

memory/2056-10-0x0000000074590000-0x0000000074D40000-memory.dmp