General

  • Target

    89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf

  • Size

    903KB

  • Sample

    240210-brtkxsfe5z

  • MD5

    2f5e6a06a9e35a76e8b2ac654d64d19e

  • SHA1

    56b5d806785a1103f7af07a6c7a9c9d5f9ba39fc

  • SHA256

    89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf

  • SHA512

    9df800b69870f5b5e0578e4a834c4c0b512d328ca85f626b4e213fcaaf11bb96f784222aca10b78e2e192f7294e14e19c3cff639db9cd52ebf3f9fcad63df9b6

  • SSDEEP

    12288:X0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCCI1e05SekqAepbQUR7dG1lFlWH:HAw4MROxnFXHrrcI0AilFEvxHPfIood

Malware Config

Extracted

Family

orcus

Botnet

AS-SYIFA

C2

192.168.35.215:4806

Mutex

e1a3bb1e3a5d4601aa0f744b003033ee

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe
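
The config above converts directly into a hunt, with two caveats a practitioner should note first: the C2 192.168.35.215 is an RFC 1918 address, so the beacon only matters inside the network where this build was staged (a perimeter block does nothing), and autostart_method is Disable, so the Run-key and scheduled-task name "Orcus" are build defaults that this particular build does not write. The Python below is an added example, not part of the sandbox report or of the Orcus code: it normalises the extracted values into indicators and matches them against constructed Sysmon-style telemetry lines. The %programfiles% expansions, the key=value event format and the field names (Image, DestinationIp, DestinationPort, MutexName, TaskName, RunKeyName) are assumptions of the example.

```python
"""Turn the extracted Orcus config into indicators and match telemetry.

Added example for this report; the config values are copied from the
"Malware Config" section, everything else is constructed.
"""
import ipaddress
import re

# Values copied from the report's extracted config.
CONFIG = {
    "c2": "192.168.35.215:4806",
    "mutex": "e1a3bb1e3a5d4601aa0f744b003033ee",
    "autostart_method": "Disable",
    "install_path": r"%programfiles%\Orcus\Orcus.exe",
    "registry_keyname": "Orcus",
    "taskscheduler_taskname": "Orcus",
    "watchdog_path": r"AppData\OrcusWatchdog.exe",
}

# Assumed expansions of the %programfiles% placeholder on a 64-bit host.
PROGRAMFILES = [r"c:\program files", r"c:\program files (x86)"]


def build_indicators(cfg):
    """Normalise the config into lower-cased, directly comparable indicators."""
    host, port = cfg["c2"].rsplit(":", 1)
    install_paths = [
        cfg["install_path"].lower().replace("%programfiles%", pf) for pf in PROGRAMFILES
    ]
    autostart_on = cfg["autostart_method"].lower() != "disable"
    return {
        "c2_ip": host,
        "c2_port": int(port),
        # RFC 1918 C2 means the beacon is only visible on the staging LAN.
        "c2_is_private": ipaddress.ip_address(host).is_private,
        "mutex": cfg["mutex"].lower(),
        "install_paths": install_paths,
        "watchdog_name": cfg["watchdog_path"].lower().rsplit("\\", 1)[-1],
        # Run-key and task names are only written when autostart is enabled.
        "autostart_names": (
            [cfg["registry_keyname"], cfg["taskscheduler_taskname"]] if autostart_on else []
        ),
    }


# key=value fields; values containing spaces are double-quoted (assumed format).
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one telemetry line into a dict of field -> value."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def match_event(event, ind):
    """Return the indicator names this event hits (empty list means clean)."""
    hits = []
    image = event.get("Image", "").lower()
    if image in ind["install_paths"]:
        hits.append("install_path")
    # Watchdog is matched on file name under an AppData directory, since the
    # config path is relative and the exact subfolder is not in the report.
    if image.rsplit("\\", 1)[-1] == ind["watchdog_name"] and "\\appdata\\" in image:
        hits.append("watchdog_path")
    if (
        event.get("DestinationIp") == ind["c2_ip"]
        and event.get("DestinationPort") == str(ind["c2_port"])
    ):
        hits.append("c2")
    if event.get("MutexName", "").lower() == ind["mutex"]:
        hits.append("mutex")
    if event.get("TaskName") in ind["autostart_names"] or event.get("RunKeyName") in ind["autostart_names"]:
        hits.append("autostart")
    return hits


# Constructed telemetry lines (not from the report) in a Sysmon-like shape.
SAMPLE_EVENTS = [
    'EventType=NetworkConnect Image="C:\\Program Files\\Orcus\\Orcus.exe" DestinationIp=192.168.35.215 DestinationPort=4806',
    'EventType=ProcessCreate Image="C:\\Users\\bob\\AppData\\Roaming\\OrcusWatchdog.exe"',
    'EventType=CreateMutex Image="C:\\Program Files\\Orcus\\Orcus.exe" MutexName=E1A3BB1E3A5D4601AA0F744B003033EE',
    'EventType=TaskCreate Image="C:\\Windows\\System32\\schtasks.exe" TaskName=Orcus',
    'EventType=NetworkConnect Image="C:\\Program Files\\Mozilla Firefox\\firefox.exe" DestinationIp=192.168.35.215 DestinationPort=443',
]


def triage(lines, cfg=CONFIG):
    """Return (line index, hits) for every line that matches an indicator."""
    ind = build_indicators(cfg)
    results = []
    for i, line in enumerate(lines):
        hits = match_event(parse_event(line), ind)
        if hits:
            results.append((i, hits))
    return results


if __name__ == "__main__":
    for idx, hits in triage(SAMPLE_EVENTS):
        print(f"line {idx}: {', '.join(hits)}")
```

Note that the TaskName=Orcus line is deliberately not reported: with autostart disabled, a task of that name is not evidence for this build, and treating the default name as an indicator would produce false positives on any other Orcus build that happens to share it. The mutex and the install path are the stable host indicators; the C2 tuple is only useful on the 192.168.35.0/24 segment.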

Targets

    • Target

      89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf

    • Size

      903KB

    • MD5

      2f5e6a06a9e35a76e8b2ac654d64d19e

    • SHA1

      56b5d806785a1103f7af07a6c7a9c9d5f9ba39fc

    • SHA256

      89d828ac18fb6c18636c3682c799378305d822bcca894fdbfeded9aacc828bcf

    • SHA512

      9df800b69870f5b5e0578e4a834c4c0b512d328ca85f626b4e213fcaaf11bb96f784222aca10b78e2e192f7294e14e19c3cff639db9cd52ebf3f9fcad63df9b6

    • SSDEEP

      12288:X0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCCI1e05SekqAepbQUR7dG1lFlWH:HAw4MROxnFXHrrcI0AilFEvxHPfIood

    • Orcus

      Orcus is a Remote Access Trojan that is sold on underground forums.

    • Orcus RAT Executable

MITRE ATT&CK Matrix

Tasks