Resubmissions

  • 10-06-2024 14:34  240610-rxelyszenj  10
  • 16-05-2024 07:32  240516-jcykbsaf35  7

General

  • Target: 958c4f1f63aa4b0916c3443e86ee5c4b.exe
  • Size: 85KB
  • Sample: 240610-rxelyszenj
  • MD5: 958c4f1f63aa4b0916c3443e86ee5c4b
  • SHA1: 94b33d97c41f88a5363688fb753ff21df5dd41e0
  • SHA256: f20585f92942d4406423ebe1257b5eae8a460721e00bea42dc70ec948bd49f2e
  • SHA512: b7d12d0d0ce224dca54f1819c485d1e10c53f0d2ce57f9815f9a829770e3dc21697659e0cad3dae426d352a1892d6c8b2cda7a85bc065b07b6254035a0247d0b
  • SSDEEP: 1536:ygLGdUFcYJnl3lU0PY5lZCXS85X2WlDeSdDatDRZl3pZduO+drmM+qckIt33+ld6:ygLGdUFcYJnl3lU0PY5lZCXS85X2WlDA

Malware Config

Extracted

  • Family: orcus
  • C2: 154.212.149.59:446
  • Mutex: 315ff0624fe74021970d128fbc96aa53

Attributes

  • autostart_method: Disable
  • enable_keylogger: false
  • install_path: %programfiles%\Orcus\Orcus.exe
  • reconnect_delay: 10000
  • registry_keyname: Orcus
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus RAT Executable

    • Executes dropped EXE
