General

  • Target

    e26ab65bc3853ab2a4553881a55c0ef98651e44d8259bfcc5ad7d59dc010217b

  • Size

    952KB

  • Sample

    240128-bgb8wshggq

  • MD5

    0283ccc0f55ae951f964cca67e213325

  • SHA1

    fa4c51b6fb4c3b12739b6b76813b748892fdb528

  • SHA256

    e26ab65bc3853ab2a4553881a55c0ef98651e44d8259bfcc5ad7d59dc010217b

  • SHA512

    99dc187a05e18f5e1efe377eb6121e1426977909d323f3ae91eb46a1af5a58d1ce2cdc23bb652ab185c69b2ccf14f0a3c53afd310afdf81d58c4d784f283b01c

  • SSDEEP

    12288:h0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNC2ExqY9mHtuteprx3Q7dG1lFlWp:5t74MROxnFWrrcI0AilFEvxHPUooop

Malware Config

Extracted

  • Family

    orcus

  • C2

    127.0.0.1:10134

  • Mutex

    db524e9a712943888cd90b0731362d6d

Attributes

  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    9973

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      e26ab65bc3853ab2a4553881a55c0ef98651e44d8259bfcc5ad7d59dc010217b

    • Size

      952KB

    • MD5

      0283ccc0f55ae951f964cca67e213325

    • SHA1

      fa4c51b6fb4c3b12739b6b76813b748892fdb528

    • SHA256

      e26ab65bc3853ab2a4553881a55c0ef98651e44d8259bfcc5ad7d59dc010217b

    • SHA512

      99dc187a05e18f5e1efe377eb6121e1426977909d323f3ae91eb46a1af5a58d1ce2cdc23bb652ab185c69b2ccf14f0a3c53afd310afdf81d58c4d784f283b01c

    • SSDEEP

      12288:h0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNC2ExqY9mHtuteprx3Q7dG1lFlWp:5t74MROxnFWrrcI0AilFEvxHPUooop

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable

MITRE ATT&CK Matrix

Tasks