orcus | fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984 | Triage

Submit
Reports

Overview

overview

Static

static

fb84dd4ac2...84.exe

windows7-x64

fb84dd4ac2...84.exe

windows10-2004-x64

Sharing

General

Target

fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984
Size

3.1MB
Sample

240601-bwmyyach8s
MD5

5f5733f2d10d4c7540cfad004a1a66a3
SHA1

2d937253d9ac339e5d636af50cd8429ccac39977
SHA256

fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984
SHA512

ee577e31ef7dd5d2a47891d86bfe45a88aba154c6b291b7008f1f8ff8d3dde943b056927dd337c6c74aa0e21f7d9868909f1841686d6306e9bbd14b83512c736
SSDEEP

98304:1VtODUKTslWp2MpbfGGilIJPypSbxEo9JCmV:UUKTtEgNilIJPypSbJCi

Score

10^/10

orcus pdf rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984.exe

Resource

win7-20240221-en

orcus pdf rat spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984.exe

Resource

win10v2004-20240508-en

orcus pdf rat spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

orcus

Botnet

PDF

C2

192.168.0.100:10134

Mutex

4c02bb39af5f434ea8ccdf8d1d4c4bc9

Attributes

autostart_method
Registry
enable_keylogger
true
install_path
%programfiles%\pdf\pdf
reconnect_delay
10000
registry_keyname
pdf
taskscheduler_taskname
pdf
watchdog_path
AppData\PDF

Targets

- Target
  
  fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984
- Size
  
  3.1MB
- MD5
  
  5f5733f2d10d4c7540cfad004a1a66a3
- SHA1
  
  2d937253d9ac339e5d636af50cd8429ccac39977
- SHA256
  
  fb84dd4ac25fc62b6eb922badaa84c53d71639c89903d155bc11304bea0df984
- SHA512
  
  ee577e31ef7dd5d2a47891d86bfe45a88aba154c6b291b7008f1f8ff8d3dde943b056927dd337c6c74aa0e21f7d9868909f1841686d6306e9bbd14b83512c736
- SSDEEP
  
  98304:1VtODUKTslWp2MpbfGGilIJPypSbxEo9JCmV:UUKTtEgNilIJPypSbJCi
Score

10^/10

orcus pdf rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus main payload
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcuspdfratspywarestealer

behavioral2

orcuspdfratspywarestealer

© 2018-2025

Terms | Privacy