orcus | 6ac94749782364a3ff4a966392626094957f4819576fcf1dc96ed8d8d6847f49 | Triage

Submit
Reports

Overview

overview

Static

static

d707f6a2b3...50.exe

windows7-x64

d707f6a2b3...50.exe

windows10-2004-x64

Sharing

General

Target

6ac94749782364a3ff4a966392626094957f4819576fcf1dc96ed8d8d6847f49
Size

584KB
Sample

240417-rclvjaah88
MD5

26eb81994758ca48dff72c4742d63af0
SHA1

64577ae13b2d8827f5b47d7bb6a6398918754476
SHA256

6ac94749782364a3ff4a966392626094957f4819576fcf1dc96ed8d8d6847f49
SHA512

bf01accb8f5aba16910bc131080bda47aa75ef6652b3a5fafae617c5fbc18428d25fb0ed951d39484a1c3cc243ba856551098981765846686c8ed68c2e712066
SSDEEP

12288:c8JcC47br7egvnjc0b2F7UTHLW18i4U1cOM0LVBn66O0qn15VHgs:XJe77vrI7UL4h4U1cOMk6QqnPFl

Score

10^/10

orcus rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

d707f6a2b397255561908bd80c63d29237ea0b70e44360b10ebc5abd7b798b50.exe

Resource

win7-20231129-en

orcus rat spyware stealer

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

d707f6a2b397255561908bd80c63d29237ea0b70e44360b10ebc5abd7b798b50.exe

Resource

win10v2004-20240412-en

orcus rat spyware stealer

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

orcus

C2

period-disabilities.gl.at.ply.gg:56901

Mutex

3a15a41ea1f0476db682988f07b7f957

Attributes

autostart_method
Disable
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  d707f6a2b397255561908bd80c63d29237ea0b70e44360b10ebc5abd7b798b50.exe
- Size
  
  903KB
- MD5
  
  3ca48ed8ed5db1ae5411874d38df2fae
- SHA1
  
  b11f11656ffe0bd0f96955b6cbe2545a4ed3429f
- SHA256
  
  d707f6a2b397255561908bd80c63d29237ea0b70e44360b10ebc5abd7b798b50
- SHA512
  
  8ff797fac2306b41c6be0e51006e0dd3f1db4675449339bcdb75bc42954bd84c6763f4b0ebeaa72c22ae10ec0be51c9415e2169f80f3e612182cefe20141d66a
- SSDEEP
  
  24576:U8HQ4MROxnFDi0rrcI0AilFEvxHj60kQU:UAzMi40rrcI0AilFEvxHjx
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusratspywarestealer

behavioral2

orcusratspywarestealer

© 2018-2025

Terms | Privacy