orcus | 42af92e5be37c1daddda7672372a39ccebb24d31d2ea65bec2a74dfbc3a4e82c | Triage

Sharing

General

Target

403990c6cbb042f7c1f5e57177272f81
Size

1.3MB
Sample

240104-h122zsddh8
MD5

403990c6cbb042f7c1f5e57177272f81
SHA1

ab9ef44ed7b93ecf7b6c43f23d75a3f2dc9d5a1b
SHA256

42af92e5be37c1daddda7672372a39ccebb24d31d2ea65bec2a74dfbc3a4e82c
SHA512

cb1adffb69f4ff6a62257325504cebc41d22f41910a41eae9c04ec5327da9f58fb652e79b87f580c7ac6f81f27cf2fba77b4fc3947b27dd59ae376f2d7c57ee5
SSDEEP

24576:hW5Df+qq6n4nP3P/oldSC+v18pqOxtKBsYOkP7Jz5I4MZ+xnF84gv41bb1tnKx4/:h9tvMqkm15SnDF5IPsmAjinh

Score

10^/10

orcus audio

Malware Config

Extracted

Family

orcus

Botnet

Audio

C2

cbm.adenz.top:4444

Mutex

e37e4cf8ebc34e47bb07c6e0844fc04a

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  403990c6cbb042f7c1f5e57177272f81
- Size
  
  1.3MB
- MD5
  
  403990c6cbb042f7c1f5e57177272f81
- SHA1
  
  ab9ef44ed7b93ecf7b6c43f23d75a3f2dc9d5a1b
- SHA256
  
  42af92e5be37c1daddda7672372a39ccebb24d31d2ea65bec2a74dfbc3a4e82c
- SHA512
  
  cb1adffb69f4ff6a62257325504cebc41d22f41910a41eae9c04ec5327da9f58fb652e79b87f580c7ac6f81f27cf2fba77b4fc3947b27dd59ae376f2d7c57ee5
- SSDEEP
  
  24576:hW5Df+qq6n4nP3P/oldSC+v18pqOxtKBsYOkP7Jz5I4MZ+xnF84gv41bb1tnKx4/:h9tvMqkm15SnDF5IPsmAjinh
Score

7^/10
- Loads dropped DLL
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2