Overview

overview

10

Static

static

1

31f17bf44f...b4.bat

windows7-x64

1

31f17bf44f...b4.bat

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45730c9d81cdc2677ea2bd082eb79edb.bin

  • Size

    2.7MB

  • Sample

    240425-bsehdscg76

  • MD5

    53ca9a525089b1c02c86ee9978ac1cc1

  • SHA1

    ca54eeff11ae5a19e47681fdc5719b5aab523fa1

  • SHA256

    c7839838688246f588d1324d07bae059efc8e4377b1ad5e9b17d9df92214c5a3

  • SHA512

    aea35988422c2c8efd12134a0834799538692ab582e14f2ea276ab24d0e33fa49ae6c00132588d3b5bc94a7903999e1681bbaeaffb43ba253749db8969dadb03

  • SSDEEP

    49152:izvhN7vGAnrTAgQ7CXdnCc+K5+vW1nCqC3UvHBxU6aom6ZLCgiqyHFPpB:EZN7+AnrMghL+zv8C/6HnU6QlNtHFz

Score
10/10
orcusratspywarestealer

Malware Config

Targets

    • Target

      31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4.bat

    • Size

      3.5MB

    • MD5

      45730c9d81cdc2677ea2bd082eb79edb

    • SHA1

      7ece7b975ab6506d83dac94f685e2cedbe56dd6b

    • SHA256

      31f17bf44fd2ce3fb0fde898d5bea0c35d18c82d3e2e9fcdae3cb8cd9f9fffb4

    • SHA512

      d4504b96971c71e38207b56ada95f5e78f8536aaa88a3cbeebaa16627ff548f620672c0d4c61e74707fdc2662ec99584b5dc8d6e3fa1b7056f9595531422b687

    • SSDEEP

      49152:mR8s3zr/pxAN80OHguszxrEC/agxlnUrLvlKNNwI:d

    Score
    10/10
    orcusratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcurs Rat Executable

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks