orcus | 0a88237fc722de2c8a00645bda3854cc3dfa65da8f449fce53530d3d3dfbf770

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 08:42

Target

f7a67237fc01de67afa6a9d3ce79c42a_JaffaCakes118.exe
Size

2.9MB
MD5

f7a67237fc01de67afa6a9d3ce79c42a
SHA1

00270872b9dffbdd507274594e06bc0fa06370f0
SHA256

0a88237fc722de2c8a00645bda3854cc3dfa65da8f449fce53530d3d3dfbf770
SHA512

356c63cec97baf55f4df61558f690d2fa119b77a2d31f69a39c9179559b97428894e224dd833f3b34b0ec43a662bc24ecf339dbef8f424f38ff9373b11927ced
SSDEEP

49152:LeDDVIGjBZ9stXyzqP5mm6TLOwIabUaC59mMDOO+j7iwEMMA9dDOpo6LPPzHVD:LeVIG/UPE/TLO+w9DO97tEnAfDvkP5D

Score

10^/10

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus

Core1 .NET packer 1 IoCs

Detects packer/loader used by .NET malware.

resource	yara_rule
behavioral1/memory/1812-4-0x000000001CFD0000-0x000000001D31E000-memory.dmp	Core1

Orcurs Rat Executable 1 IoCs

resource	yara_rule
behavioral1/memory/1812-4-0x000000001CFD0000-0x000000001D31E000-memory.dmp	orcus

C:\Users\Admin\AppData\Local\Temp\f7a67237fc01de67afa6a9d3ce79c42a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f7a67237fc01de67afa6a9d3ce79c42a_JaffaCakes118.exe"
1⤵
PID:1812

memory/1812-0-0x000000013F9D0000-0x000000013FCC0000-memory.dmp

Filesize
2.9MB

Download
memory/1812-1-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

Filesize
9.9MB

Download
memory/1812-2-0x000000001C100000-0x000000001C564000-memory.dmp

Filesize
4.4MB

Download
memory/1812-3-0x000000001BB20000-0x000000001BBA0000-memory.dmp

Filesize
512KB

Download
memory/1812-4-0x000000001CFD0000-0x000000001D31E000-memory.dmp

Filesize
3.3MB

Download
memory/1812-5-0x000007FEF52B0000-0x000007FEF5C9C000-memory.dmp

Filesize
9.9MB

Download