orcus | 1ac7749a44fef2fa60a572c1a6d169c621c9e68be7a0184d3071190e831151b7 | Triage

User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

Sharing

General

Target

@O45_204_82_103_XRdev.exe.1
Size

1.1MB
Sample

231223-k4dvnshbe9
MD5

5b64a3db50378381c71f3a1babc7d068
SHA1

f8a750d8777508f83c814c238c8c92acface8667
SHA256

1ac7749a44fef2fa60a572c1a6d169c621c9e68be7a0184d3071190e831151b7
SHA512

a59b07e60eae44b1f7260c956afbcaf159b77b334e4e9307199aa6b3e0657c49dd0abf6459d17aff2f1b825a3041ce59d2562162bf67e5f7f8990228c7fb4dc3
SSDEEP

24576:FpCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKg8y:FpCPHKEm0mwCgFrfh7UyjnhakMzKg8

Score

10^/10

orcus rat spyware stealer

Malware Config

Extracted

Family

orcus

C2

45.204.82.103:6606

Mutex

c137f83daf6641cd8f12b4695c8f209e

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  @O45_204_82_103_XRdev.exe.1
- Size
  
  1.1MB
- MD5
  
  5b64a3db50378381c71f3a1babc7d068
- SHA1
  
  f8a750d8777508f83c814c238c8c92acface8667
- SHA256
  
  1ac7749a44fef2fa60a572c1a6d169c621c9e68be7a0184d3071190e831151b7
- SHA512
  
  a59b07e60eae44b1f7260c956afbcaf159b77b334e4e9307199aa6b3e0657c49dd0abf6459d17aff2f1b825a3041ce59d2562162bf67e5f7f8990228c7fb4dc3
- SSDEEP
  
  24576:FpCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKg8y:FpCPHKEm0mwCgFrfh7UyjnhakMzKg8
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusratspywarestealer

behavioral2

orcusratspywarestealer