orcus | f03739ac9802e5db16129fd953cc04fd8d8546b197c88876655c470940d9c82a | Triage

User tags

Assigned on submission by the user, not by sandbox detections.

Threatview.io Proactive Hunter

Sharing

Copy URL Twitter E-mail

General

Target

@O45_204_82_103_XRChrCC.exe
Size

1.2MB
Sample

231225-me2asadhcm
MD5

32e89622f327122191a2976fd1d1ea16
SHA1

de08eb6982f68021972d0ca65d1e233c1e2deab5
SHA256

f03739ac9802e5db16129fd953cc04fd8d8546b197c88876655c470940d9c82a
SHA512

964eeed983e951fcba553abf27c989ecc2796a907e7989a59b75a7aac183bb039c689f2b9966beae882b8e3663655696874fa23ce3e3f3dd4867f2a630926765
SSDEEP

24576:/pCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKjhtehTl1:/pCPHKEm0mwCgFrfh7UyjnhakMzKjqR

Score

10^/10

orcus rat spyware stealer

Malware Config

Extracted

Family

orcus

C2

45.204.82.103:6606

Mutex

c137f83daf6641cd8f12b4695c8f209e

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  @O45_204_82_103_XRChrCC.exe
- Size
  
  1.2MB
- MD5
  
  32e89622f327122191a2976fd1d1ea16
- SHA1
  
  de08eb6982f68021972d0ca65d1e233c1e2deab5
- SHA256
  
  f03739ac9802e5db16129fd953cc04fd8d8546b197c88876655c470940d9c82a
- SHA512
  
  964eeed983e951fcba553abf27c989ecc2796a907e7989a59b75a7aac183bb039c689f2b9966beae882b8e3663655696874fa23ce3e3f3dd4867f2a630926765
- SSDEEP
  
  24576:/pCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKjhtehTl1:/pCPHKEm0mwCgFrfh7UyjnhakMzKjqR
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusratspywarestealer

behavioral2

orcusratspywarestealer