orcus | 2e6e4938bd45ac55dfc1b0c4a7766d1aa622e626cd4a18249600fe1392c788d6 | Triage

Submit
Reports

Overview

overview

Static

static

3

2e6e4938bd...d6.exe

windows10-2004-x64

Resubmissions

20-05-2024 14:18

240520-rmd8fadd88 10

Sharing

General

Target

2e6e4938bd45ac55dfc1b0c4a7766d1aa622e626cd4a18249600fe1392c788d6.exe
Size

85KB
Sample

240520-rmd8fadd88
MD5

ea992313f3c2893aa165dbc9f2a1c166
SHA1

a8d9662dfd1167a234cfb37c70cde26564c428d2
SHA256

2e6e4938bd45ac55dfc1b0c4a7766d1aa622e626cd4a18249600fe1392c788d6
SHA512

28bdf6ef4948152ee07a84588cda847a8fd8fda897e725f0f6271cc8414d42913ca7dd5432cd6a5aefb5afd6ffe496e03a1a4adf11ac908813bed565c82685d7
SSDEEP

1536:BIJNZCSa6mouFlxtQdRTDP5Q8OA1BQclg1DnkN6UlpmR4rNlkIlsEl9yq1RX2MJU:iJNZCSa6mouFlxtQdRTDP5Q8OA1BQcls

Score

10^/10

orcus rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e6e4938bd45ac55dfc1b0c4a7766d1aa622e626cd4a18249600fe1392c788d6.exe

Resource

win10v2004-20240426-en

orcus rat spyware stealer

windows10-2004-x64

5 signatures

300 seconds

Malware Config

Extracted

Family

orcus

C2

154.212.149.59:446

Mutex

315ff0624fe74021970d128fbc96aa53

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  2e6e4938bd45ac55dfc1b0c4a7766d1aa622e626cd4a18249600fe1392c788d6.exe
- Size
  
  85KB
- MD5
  
  ea992313f3c2893aa165dbc9f2a1c166
- SHA1
  
  a8d9662dfd1167a234cfb37c70cde26564c428d2
- SHA256
  
  2e6e4938bd45ac55dfc1b0c4a7766d1aa622e626cd4a18249600fe1392c788d6
- SHA512
  
  28bdf6ef4948152ee07a84588cda847a8fd8fda897e725f0f6271cc8414d42913ca7dd5432cd6a5aefb5afd6ffe496e03a1a4adf11ac908813bed565c82685d7
- SSDEEP
  
  1536:BIJNZCSa6mouFlxtQdRTDP5Q8OA1BQclg1DnkN6UlpmR4rNlkIlsEl9yq1RX2MJU:iJNZCSa6mouFlxtQdRTDP5Q8OA1BQcls
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusratspywarestealer

© 2018-2025

Terms | Privacy