Malware Analysis Report

2025-03-15 06:53

Sample ID 231202-md97asca39
Target NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe
SHA256 0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f
Tags: orcus rat spyware stealer
Score: 10/10


Analysis Overview

Score: 10/10

SHA256: 0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f

Threat Level: Known bad

The file NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe was found to be: Known bad.

Malicious Activity Summary

orcus rat spyware stealer

Orcus

Orcurs Rat Executable

Orcus family

Orcus main payload

Orcurs Rat Executable

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported: 2023-12-02 10:22

Signatures

Orcurs Rat Executable

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Orcus family

orcus

Orcus main payload

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Unsigned PE

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2023-12-02 10:22
Reported: 2023-12-02 10:24
Platform: win10v2004-20231201-en
Max time kernel: 125s
Max time network: 51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe"

Signatures

Orcus

rat spyware stealer orcus

Orcurs Rat Executable

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe"

Network

Country   Destination   Domain       Proto
US        8.8.8.8:53    g.bing.com   udp

Files

memory/4840-1-0x0000000074490000-0x0000000074C40000-memory.dmp

memory/4840-0-0x0000000000CF0000-0x0000000000DE8000-memory.dmp

memory/4840-2-0x00000000058A0000-0x00000000058B0000-memory.dmp

memory/4840-3-0x0000000005740000-0x000000000574E000-memory.dmp

memory/4840-4-0x0000000005750000-0x00000000057AC000-memory.dmp

memory/4840-5-0x0000000005E60000-0x0000000006404000-memory.dmp

memory/4840-6-0x0000000005950000-0x00000000059E2000-memory.dmp

memory/4840-7-0x0000000005880000-0x0000000005892000-memory.dmp

memory/4840-8-0x0000000005890000-0x0000000005898000-memory.dmp

memory/4840-9-0x0000000006440000-0x000000000644A000-memory.dmp

memory/4840-10-0x0000000074490000-0x0000000074C40000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2023-12-02 10:22
Reported: 2023-12-02 10:24
Platform: win7-20231130-en
Max time kernel: 117s
Max time network: 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe"

Signatures

Orcus

rat spyware stealer orcus

Orcurs Rat Executable

Description   Indicator   Process   Target
N/A           N/A         N/A       N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe

"C:\Users\Admin\AppData\Local\Temp\NEAS.0aa1332c7cb2ecb6d2dac80b115a399b0b6c9d210728f794b1782d96777bdb9f.exe"

Network

N/A

Files

memory/1744-0-0x0000000000910000-0x0000000000A08000-memory.dmp

memory/1744-1-0x0000000074A10000-0x00000000750FE000-memory.dmp

memory/1744-2-0x00000000004C0000-0x0000000000500000-memory.dmp

memory/1744-3-0x0000000000330000-0x000000000033E000-memory.dmp

memory/1744-4-0x00000000022F0000-0x000000000234C000-memory.dmp

memory/1744-6-0x00000000007E0000-0x00000000007E8000-memory.dmp

memory/1744-5-0x0000000000520000-0x0000000000532000-memory.dmp

memory/1744-7-0x0000000074A10000-0x00000000750FE000-memory.dmp

memory/1744-8-0x00000000004C0000-0x0000000000500000-memory.dmp