orcus | de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71 | Triage

Submit
Reports

Overview

overview

Static

static

de157bce79...71.exe

windows7-x64

de157bce79...71.exe

windows10-2004-x64

Sharing

General

Target

de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71
Size

1.1MB
Sample

240602-bhytaade7z
MD5

37981d783304098918585c0601b47e33
SHA1

7a2b9276680d3bb89d83910837c00a756b48d84b
SHA256

de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71
SHA512

874bc244de8d28ac80e75d2aaaedc19eed9db292a12d89e658f0fd6b4db92dc6e50f137952106e5f36daa4bb914fe07a4e053e8f81472b77ad254e1113f35ed1
SSDEEP

24576:8Ai4MROxnFl3dzMrrcI0AilFEvxHPWooOd:8gMirGrrcI0AilFEvxHP

Score

10^/10

orcus nigga rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71.exe

Resource

win7-20240419-en

orcus nigga rat spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71.exe

Resource

win10v2004-20240508-en

orcus nigga rat spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

orcus

Botnet

nigga

C2

10.0.2.15:10134

Mutex

b5de90708c8d4cec988950af132b8790

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71
- Size
  
  1.1MB
- MD5
  
  37981d783304098918585c0601b47e33
- SHA1
  
  7a2b9276680d3bb89d83910837c00a756b48d84b
- SHA256
  
  de157bce790e78c95bfd5cffab422d55f6e6a58d7138b7bb9890470927e26a71
- SHA512
  
  874bc244de8d28ac80e75d2aaaedc19eed9db292a12d89e658f0fd6b4db92dc6e50f137952106e5f36daa4bb914fe07a4e053e8f81472b77ad254e1113f35ed1
- SSDEEP
  
  24576:8Ai4MROxnFl3dzMrrcI0AilFEvxHPWooOd:8gMirGrrcI0AilFEvxHP
Score

10^/10

orcus nigga rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcusniggaratspywarestealer

behavioral2

orcusniggaratspywarestealer

© 2018-2025

Terms | Privacy