Overview

overview

10

Static

static

3

3ab1f51353...b5.exe

windows10-2004-x64

10

Resubmissions

20-05-2024 14:17

240520-rl2x4seb9z 10

30-04-2024 15:26

240430-st6rpshh7y 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3ab1f51353b630da24938d4c805d67b5.exe

  • Size

    30KB

  • Sample

    240520-rl2x4seb9z

  • MD5

    3ab1f51353b630da24938d4c805d67b5

  • SHA1

    9e6b132f6353a712f0284510bf8de84bb45613e5

  • SHA256

    ac8df5bc262460d7e9f634c2be53ac9b028c6bf101aecc9545603e3e03c9c3a4

  • SHA512

    f897a7ebffe688a8ca8b7f55012a3bbfcc78fdbc123c7f89ca396c67e30ec1f63faf60a7534fab9c7308075ecfdc1c0f363137e9f13611ec9ad92a5a4b946095

  • SSDEEP

    768:T9qZEbWhPq3K1f0Y5feMA7QOKMsDY6Ze/0kJajZL9c7YrHG:TSJxTyieM6QOKpVgHgy7Yrm

Score
10/10
orcusratspywarestealer

Malware Config

Extracted

Family

orcus

C2

154.19.164.108:446

Mutex

5535f1efc68141d4bd9b45da3cd2f270

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      3ab1f51353b630da24938d4c805d67b5.exe

    • Size

      30KB

    • MD5

      3ab1f51353b630da24938d4c805d67b5

    • SHA1

      9e6b132f6353a712f0284510bf8de84bb45613e5

    • SHA256

      ac8df5bc262460d7e9f634c2be53ac9b028c6bf101aecc9545603e3e03c9c3a4

    • SHA512

      f897a7ebffe688a8ca8b7f55012a3bbfcc78fdbc123c7f89ca396c67e30ec1f63faf60a7534fab9c7308075ecfdc1c0f363137e9f13611ec9ad92a5a4b946095

    • SSDEEP

      768:T9qZEbWhPq3K1f0Y5feMA7QOKMsDY6Ze/0kJajZL9c7YrHG:TSJxTyieM6QOKpVgHgy7Yrm

    Score
    10/10
    orcusratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcurs Rat Executable

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix

Tasks