General

  • Target: 58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5
  • Size: 905KB
  • Sample: 240209-bd7wdsfc25
  • MD5: 6b7766d0c0759dd92ee68643e76d711c
  • SHA1: 096fc8582d58e3652b2079687486c2bc17da275f
  • SHA256: 58db1f0299b71c3912d3805ed68879ee55cb52ccbbffa186322beebfba70f1a5
  • SHA512: 8232afa19eb3994db1210ce53142c610857b6664c3d45a342463f85d4674d7b32f81bde621c49208aed77bd06a8d01fa16c75169a269448826d122dfdd5419fb
  • SSDEEP: 24576:EW64MROxnFj3zBukhrrcI0AilFEvxHP/oo0:EKMi1cqrrcI0AilFEvxHP

Malware Config

Extracted

  • Family: orcus
  • C2: obfuscated.us:8080
  • Mutex: 41fdffd0276c4314a5a934c62fb1022f

Attributes

  • autostart_method: Registry
  • enable_keylogger: true
  • install_path: %programfiles%\System\System
  • reconnect_delay: 10000
  • registry_keyname: System32
  • taskscheduler_taskname: System32
  • watchdog_path: AppData\System.exe

Targets


    • Orcus: Orcus is a Remote Access Trojan that is being sold on underground forums.
    • Orcus main payload
    • Orcurs Rat Executable

MITRE ATT&CK Enterprise v15

Tasks