orcus | 4725d4e565dfa4b72ca57a128743d9b1a8447181ec3a55a13f5b2ffb7706bf79 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4725d4e565dfa4b72ca57a128743d9b1a8447181ec3a55a13f5b2ffb7706bf79
Size

921KB
Sample

231229-bqk76afbd2
MD5

17e71bd4bacbe1791b0baeadc7f3ca11
SHA1

13a5dea619eb37e3fdb996acd6e3564b9e5828e9
SHA256

4725d4e565dfa4b72ca57a128743d9b1a8447181ec3a55a13f5b2ffb7706bf79
SHA512

f55c70c5df8c3f77ce14f21fd0f9c86d3b1b3e32c7bd4c2c2904e04321fa9bf4cf5979fb5546873e617564627656d31c660e1ce80f11d3557a105ed81278946e
SSDEEP

24576:YpCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKP:YpCPHKEm0mwCgFrfh7UyjnhakMzKP

Score

10^/10

orcus rat spyware stealer

Malware Config

Extracted

Family

orcus

C2

45.204.82.103:6606

Mutex

c137f83daf6641cd8f12b4695c8f209e

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  4725d4e565dfa4b72ca57a128743d9b1a8447181ec3a55a13f5b2ffb7706bf79
- Size
  
  921KB
- MD5
  
  17e71bd4bacbe1791b0baeadc7f3ca11
- SHA1
  
  13a5dea619eb37e3fdb996acd6e3564b9e5828e9
- SHA256
  
  4725d4e565dfa4b72ca57a128743d9b1a8447181ec3a55a13f5b2ffb7706bf79
- SHA512
  
  f55c70c5df8c3f77ce14f21fd0f9c86d3b1b3e32c7bd4c2c2904e04321fa9bf4cf5979fb5546873e617564627656d31c660e1ce80f11d3557a105ed81278946e
- SSDEEP
  
  24576:YpCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKP:YpCPHKEm0mwCgFrfh7UyjnhakMzKP
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusratspywarestealer

behavioral2

orcusratspywarestealer