General

  • Target

    617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45

  • Size

    2.7MB

  • Sample

    240202-b8m5gaddel

  • MD5

    2f7df8706ec66f8e578c686ac45eb708

  • SHA1

    8d8ea8bebb0ef8457429bfd08a70be3604ec0afa

  • SHA256

    617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45

  • SHA512

    8fd149d4d10e645292e7aea0405f530cd0ac316a6086d9a5cfa8f468cce5a149f898a124f63d9baf8e3e9aeb046462cd95cd567fa1c6cedfd2c85393ec65e37f

  • SSDEEP

    49152:b6jMijNrZlI0AilFEvxHiFcl9/csqXF5fv2:Wjdcl9/c/XF5fO
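The digests above are the only way to tie a file on disk to this report, so a practitioner's first step is to recompute them and compare. The following script is an added example, not part of the original report or of any sandbox tooling; it embeds the four digests listed above as the expected values, and the sample path on the command line is an assumption. It matches on SHA-256/SHA-512 only, because MD5 and SHA-1 collisions are practical and an MD5-only match is not proof of identity. The SSDEEP value is not checked here because fuzzy hashing needs a third-party library (for example the `ssdeep` package).

```python
"""Verify that a file on disk is the sample described by the report above.

Added example, not from the report or the sandbox vendor. The expected digests
are copied from the report's General section; the file path is an assumption.
"""
import hashlib
import sys
from typing import Dict, Iterable

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied verbatim from the report's General section.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "2f7df8706ec66f8e578c686ac45eb708",
    "sha1": "8d8ea8bebb0ef8457429bfd08a70be3604ec0afa",
    "sha256": "617f94ce69b2d394429c842ae4bff0b3d2f556108f55ce05bf4e88db68198d45",
    "sha512": "8fd149d4d10e645292e7aea0405f530cd0ac316a6086d9a5cfa8f468cce5a149"
              "f898a124f63d9baf8e3e9aeb046462cd95cd567fa1c6cedfd2c85393ec65e37f",
}

# Only these algorithms are accepted as identity evidence; MD5 and SHA-1
# collisions are practical, so a match on them alone proves nothing.
STRONG = ("sha256", "sha512")


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer (useful for tests and small samples)."""
    return _digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file without loading it whole into memory (the sample is 2.7MB,
    but the same function works for multi-gigabyte dumps)."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def compare_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match flags, compared case-insensitively."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_reported_sample(actual: Dict[str, str], expected: Dict[str, str] = REPORT_DIGESTS) -> bool:
    """True only if every strong digest present in `expected` matches and at
    least one strong digest was supplied. MD5/SHA-1 are reported but ignored."""
    matches = compare_digests(actual, expected)
    strong_present = [name for name in STRONG if name in expected]
    if not strong_present:
        return False
    return all(matches[name] for name in strong_present)


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py /path/to/sample.bin
    digests = digest_file(sys.argv[1])
    for name, ok in compare_digests(digests, REPORT_DIGESTS).items():
        print(f"{name:7s} {'match' if ok else 'MISMATCH'}  {digests[name]}")
    print("identity:", "confirmed" if is_reported_sample(digests) else "NOT the reported sample")
```

If MD5 and SHA-1 match but SHA-256 does not, treat the file as a different artifact (a collision or a tampered copy), not as a near match.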

Targets

    • Orcus

      Orcus is a Remote Access Trojan (RAT) sold on underground forums.

    • Orcus RAT executable

    • Suspicious use of NtSetInformationThread with ThreadHideFromDebugger

      The sample calls NtSetInformationThread with ThreadInformationClass 0x11 (ThreadHideFromDebugger), which stops the calling thread from reporting debug events to an attached debugger. This is a well-known anti-analysis technique; on its own it is a suspicious indicator rather than proof of malice, since commercial protectors use the same call.
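The signature above is worth turning into detection logic you can run over your own sandbox's API trace. The script below is an added example, not the report's or the sandbox vendor's code: the trace lines are constructed for illustration and the `pid=… tid=… api=… args=… ret=…` format is an assumption, so `LINE_RE` will need adjusting for a real trace. It flags every NtSetInformationThread call whose ThreadInformationClass is ThreadHideFromDebugger, whether the class is logged as hex, decimal, or by name, and records whether the call actually succeeded (NTSTATUS 0). A failed attempt, for example STATUS_INFO_LENGTH_MISMATCH when ThreadInformationLength is not 0, still shows intent and is reported too.

```python
"""Flag NtSetInformationThread(ThreadHideFromDebugger) in a sandbox API trace.

Added example, not from the report or the sandbox vendor. The trace format
below is constructed for this example; adapt LINE_RE to your own sandbox's log.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# THREADINFOCLASS value for ThreadHideFromDebugger (17).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed trace lines, not a capture from this sample. Lines 2, 4 and 5
# target ThreadHideFromDebugger; line 3 is a benign ThreadImpersonationToken
# call and line 4 failed with STATUS_INFO_LENGTH_MISMATCH (0xC0000004).
SAMPLE_TRACE = """\
pid=2104 tid=2108 api=NtQueryInformationProcess args=ProcessInformationClass=0x7 ret=0x0
pid=2104 tid=2108 api=NtSetInformationThread args=ThreadHandle=0xfffffffe,ThreadInformationClass=0x11,ThreadInformation=0x0,ThreadInformationLength=0x0 ret=0x0
pid=2104 tid=2112 api=NtSetInformationThread args=ThreadHandle=0x1a4,ThreadInformationClass=ThreadImpersonationToken,ThreadInformation=0x19f0a0,ThreadInformationLength=0x8 ret=0x0
pid=2104 tid=2116 api=NtSetInformationThread args=ThreadHandle=0xfffffffe,ThreadInformationClass=17,ThreadInformation=0x0,ThreadInformationLength=0x4 ret=0xc0000004
pid=3320 tid=3324 api=NtSetInformationThread args=ThreadHandle=0xfffffffe,ThreadInformationClass=ThreadHideFromDebugger,ThreadInformation=0x0,ThreadInformationLength=0x0 ret=0x0
"""

# Assumed line layout: pid=<n> tid=<n> api=<name> args=<k=v,...> ret=<hex NTSTATUS>
LINE_RE = re.compile(
    r"pid=(?P<pid>\d+)\s+tid=(?P<tid>\d+)\s+api=(?P<api>\w+)\s+"
    r"args=(?P<args>\S*)\s+ret=(?P<ret>0x[0-9a-fA-F]+)"
)


@dataclass
class Finding:
    pid: int
    tid: int
    succeeded: bool  # True when NTSTATUS == STATUS_SUCCESS (0)
    raw: str


def parse_info_class(value: str) -> Optional[int]:
    """Accept the class as hex (0x11), decimal (17) or the symbolic name."""
    if value == "ThreadHideFromDebugger":
        return THREAD_HIDE_FROM_DEBUGGER
    try:
        return int(value, 0)
    except ValueError:
        return None  # some other symbolic class name, e.g. ThreadImpersonationToken


def parse_args(args: str) -> Dict[str, str]:
    """Split 'k=v,k=v' into a dict; tolerate stray tokens without '='."""
    out: Dict[str, str] = {}
    for kv in args.split(","):
        if "=" in kv:
            key, val = kv.split("=", 1)
            out[key] = val
    return out


def find_hide_from_debugger(trace: str) -> List[Finding]:
    """Return one Finding per NtSetInformationThread(ThreadHideFromDebugger) call."""
    findings: List[Finding] = []
    for line in trace.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m or m.group("api") != "NtSetInformationThread":
            continue
        args = parse_args(m.group("args"))
        if parse_info_class(args.get("ThreadInformationClass", "")) != THREAD_HIDE_FROM_DEBUGGER:
            continue
        succeeded = int(m.group("ret"), 16) == 0
        findings.append(Finding(int(m.group("pid")), int(m.group("tid")), succeeded, line))
    return findings


if __name__ == "__main__":
    for f in find_hide_from_debugger(SAMPLE_TRACE):
        state = "hidden from debugger" if f.succeeded else "attempted (call failed)"
        print(f"pid {f.pid} tid {f.tid}: {state}")
```

Hits across more than one process (here 2104 and 3320) are worth correlating with process-creation events, since a RAT that injects or spawns a child often repeats the call in the new process.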
