General

  • Target

    http://zx

  • Sample

    240211-t32d1sbg57

Targets

    • Target

      http://zx

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcurs Rat Executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
