General

  • Target

    9a3ea174e96c66c02382df5e2bb898ab5da8a10dce278e867ed3fb0b65385d35

  • Size

    909KB

  • Sample

    240209-bd1r3sfb99

  • MD5

    b135b19a0a4ea71b98a5848e9c11d68b

  • SHA1

    71a41d84d9f2b5ed1a11ee67bc835db55fa2464d

  • SHA256

    9a3ea174e96c66c02382df5e2bb898ab5da8a10dce278e867ed3fb0b65385d35

  • SHA512

    ff77fe2120d1bb1264e8137be53024fea4a2abd5553b666f064a8eea7f491a49814a2774907c1bfe236ad1ba5bd49b1eedf4672205c5d4c4f67184a7a9478de2

  • SSDEEP

    24576:g554MROxnFl3qznrrcI0AilFEvxHPCooz:gQMir4rrcI0AilFEvxHP

Malware Config

Extracted

Family

orcus

C2

192.168.0.106:10134

(192.168.0.0/16 is RFC 1918 private space, so this build was pointed at a panel on a LAN, most likely a test or lab configuration; the address is not a usable network IOC outside that environment, whereas the port, mutex, paths and persistence names below travel with the build.)

Mutex

d57d35f2abe14038afdb291e474d55a0

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe
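The attributes above are host artifacts, so the natural check is a triage script run on a suspect Windows machine. The following PowerShell is an added example, not part of the sandbox report and not Orcus or Triage code: it copies the config values from the report into a table and looks for each of them (dropped files hashed against the report SHA256, Run-key and scheduled-task persistence, the mutex, and a live TCP session to the C2). Assumptions are marked in the comments: that the mutex name is used verbatim (checked both plain and under Global\), and that the relative watchdog_path resolves under the user's AppData folders.

```powershell
# Added triage script for the Orcus config extracted above. The $cfg values are
# taken from the report; everything else (where the relative watchdog path
# lands, whether the mutex name is used verbatim) is an assumption.
$cfg = @{
    Mutex        = 'd57d35f2abe14038afdb291e474d55a0'
    C2Host       = '192.168.0.106'
    C2Port       = 10134
    InstallPath  = '%programfiles%\Orcus\Orcus.exe'
    WatchdogPath = 'AppData\OrcusWatchdog.exe'
    RegistryName = 'Orcus'
    TaskName     = 'Orcus'
    Sha256       = '9a3ea174e96c66c02382df5e2bb898ab5da8a10dce278e867ed3fb0b65385d35'
}

$findings = New-Object System.Collections.Generic.List[string]

function Test-OrcusFile {
    param([string]$Path, [string]$Label)
    # Expand %programfiles% and friends exactly as the implant would.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    if (Test-Path -LiteralPath $expanded -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $expanded -Algorithm SHA256).Hash.ToLower()
        $note = if ($hash -eq $cfg.Sha256) { 'SHA256 matches the report' } else { "SHA256 $hash differs from the report (rebuilt or repacked?)" }
        $findings.Add("$Label present: $expanded; $note")
    }
}

# 1. Dropped binaries. watchdog_path is relative in the config; assumption:
#    it lives under the roaming profile, so also try the local one.
Test-OrcusFile -Path $cfg.InstallPath -Label 'install_path'
$watchdogLeaf = Split-Path $cfg.WatchdogPath -Leaf
Test-OrcusFile -Path (Join-Path $env:APPDATA $watchdogLeaf)      -Label 'watchdog_path (APPDATA)'
Test-OrcusFile -Path (Join-Path $env:LOCALAPPDATA $watchdogLeaf) -Label 'watchdog_path (LOCALAPPDATA)'

# 2. Run-key persistence. autostart_method is "Disable" for this build, so an
#    empty result is expected here; still worth checking, other builds enable it.
$regName = $cfg.RegistryName
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
    $val = Get-ItemProperty -Path $key -Name $regName -ErrorAction SilentlyContinue
    if ($val) { $findings.Add("Run value '$regName' in ${key}: $($val.$regName)") }
}

# 3. Scheduled-task persistence under taskscheduler_taskname.
$task = Get-ScheduledTask -TaskName $cfg.TaskName -ErrorAction SilentlyContinue
if ($task) { $findings.Add("Scheduled task '$($cfg.TaskName)' exists, state $($task.State)") }

# 4. Mutex. OpenExisting throws WaitHandleCannotBeOpenedException when the name
#    is absent; UnauthorizedAccessException means it exists in another session.
foreach ($name in @($cfg.Mutex, "Global\$($cfg.Mutex)")) {
    try {
        $m = [System.Threading.Mutex]::OpenExisting($name)
        $m.Dispose()
        $findings.Add("Mutex '$name' is held by a running process")
    } catch [System.Threading.WaitHandleCannotBeOpenedException] {
        # not present: nothing to record
    } catch [System.UnauthorizedAccessException] {
        $findings.Add("Mutex '$name' exists (access denied, likely another session)")
    }
}

# 5. Live C2 session. reconnect_delay is 10000 ms, so a clean first pass is not
#    conclusive; re-run after a few seconds before calling the host clean.
$conns = Get-NetTCPConnection -RemoteAddress $cfg.C2Host -RemotePort $cfg.C2Port -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $findings.Add("TCP $($c.State) to $($cfg.C2Host):$($cfg.C2Port) from PID $($c.OwningProcess) ($($proc.ProcessName))")
}

if ($findings.Count -eq 0) { 'No artifacts from this Orcus config found.' } else { $findings }
```

Run it from an elevated prompt so the HKLM Run key, the Program Files path and other users' TCP sessions are all readable; the mutex check is the only part that works unprivileged, and a hash mismatch on install_path still counts as a finding, since a rebuilt client with the same config would drop to the same location.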

Targets

    • Target

      9a3ea174e96c66c02382df5e2bb898ab5da8a10dce278e867ed3fb0b65385d35


    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable
