orcus | 48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d | Triage

Submit
Reports

Overview

overview

Static

static

48db6e9d87...9d.exe

windows7-x64

48db6e9d87...9d.exe

windows10-2004-x64

Sharing

General

Target

48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d
Size

910KB
Sample

240412-cqxfvscd43
MD5

0dc0ab0af7887016e40a9fb1cb8de85e
SHA1

3a6e9c43ec94b4609d825e38a97eb4e76be493ba
SHA256

48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d
SHA512

089164fb39657a62a6bda638cd5b06b32227e6a4c91e034ec1febc1434525db1afe96b81738d02c55e99a6e3760605190388038bf77cee4f675ff2bf107af399
SSDEEP

12288:T0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCg+34ai5V2Xopqi1n07dG1lFlWl:/2C4MROxnFRC8rrcI0AilFEvxHjoQS

Score

10^/10

orcus ligeon rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d.exe

Resource

win7-20240319-en

orcus ligeon rat spyware stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d.exe

Resource

win10v2004-20240226-en

orcus ligeon rat spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

orcus

Botnet

ligeon

C2

ligeon.ddns.net:1606

Mutex

b98fb09a59c24a81b9d17a55ccf2c036

Attributes

autostart_method
Disable
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d
- Size
  
  910KB
- MD5
  
  0dc0ab0af7887016e40a9fb1cb8de85e
- SHA1
  
  3a6e9c43ec94b4609d825e38a97eb4e76be493ba
- SHA256
  
  48db6e9d87ebb481de65aa9fe318139644642b429e7701287c1c136fa96b529d
- SHA512
  
  089164fb39657a62a6bda638cd5b06b32227e6a4c91e034ec1febc1434525db1afe96b81738d02c55e99a6e3760605190388038bf77cee4f675ff2bf107af399
- SSDEEP
  
  12288:T0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCg+34ai5V2Xopqi1n07dG1lFlWl:/2C4MROxnFRC8rrcI0AilFEvxHjoQS
Score

10^/10

orcus ligeon rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusligeonratspywarestealer

behavioral2

orcusligeonratspywarestealer

© 2018-2025

Terms | Privacy