orcus | 637ceb8f9ed182a97ab805a3a19231242075e98924152bae28c64c14c8e15d8b | Triage

Submit
Reports

Overview

overview

Static

static

Orcus Admi...on.zip

windows10-2004-x64

Orcus Admi...on.zip

windows10-1703-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

Orcus Administartion.zip
Size

65.8MB
Sample

240125-v9pt8sbhe3
MD5

db450971badc670cfec922987bd3b369
SHA1

c48fdb5313622543a1c9196ecb494b4b23f74b37
SHA256

637ceb8f9ed182a97ab805a3a19231242075e98924152bae28c64c14c8e15d8b
SHA512

4e69d594037e74e55361178c51d2d09785e9faf0c220c60b1f56cde94f817a7b3ff223de7afa524f3ba88e484dbed35e18d17272ac4838093a55cc845cbc05b0
SSDEEP

1572864:Ju9ICaeJE8kxjlwh2ScMaVvZT5rKSFm95YLAJLfX:JuWIkxj02NlZT5eIm95zBX

Score

10^/10

orcus

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

Orcus Administartion.zip

Resource

win10v2004-20231215-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orcus Administartion.zip

Resource

win10-20231215-en

windows10-1703-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  Orcus Administartion.zip
- Size
  
  65.8MB
- MD5
  
  db450971badc670cfec922987bd3b369
- SHA1
  
  c48fdb5313622543a1c9196ecb494b4b23f74b37
- SHA256
  
  637ceb8f9ed182a97ab805a3a19231242075e98924152bae28c64c14c8e15d8b
- SHA512
  
  4e69d594037e74e55361178c51d2d09785e9faf0c220c60b1f56cde94f817a7b3ff223de7afa524f3ba88e484dbed35e18d17272ac4838093a55cc845cbc05b0
- SSDEEP
  
  1572864:Ju9ICaeJE8kxjlwh2ScMaVvZT5rKSFm95YLAJLfX:JuWIkxj02NlZT5eIm95zBX
Score

10^/10
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy