General

  • Target

    4346e01001903432c6da8a05fa653030081379a9d4c648b22cdd318b5b165788

  • Size

    5.0MB

  • Sample

    240611-br98nsydkf

  • MD5

    f1ba7a7f631a21d3c5967dcabd56864f

  • SHA1

    098faa39a5eeeaad11b73ccf51b4bae6e9ab88bc

  • SHA256

    4346e01001903432c6da8a05fa653030081379a9d4c648b22cdd318b5b165788

  • SHA512

    c764b7bc0646fdbe1ae3687a0f08dad7bc724e308c7cd7fb993f7933686cef8b4b9c2be1248061d36733ac3224e3e003edb59736a783bc2f6e59ddc51fbd2bb6

  • SSDEEP

    12288:s0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNC7JsLdn48F1IepdkRI7dG1lFlWQ:nIY4MROxnFtMrrcI0AilFEvxHP6Xoon

Malware Config

Extracted

  • Family

    orcus

  • C2

    192.168.0.150:5553

  • Mutex

    9df0748f400a43fd822ce4ad25dd540c

Attributes
  • autostart_method

    TaskScheduler

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      4346e01001903432c6da8a05fa653030081379a9d4c648b22cdd318b5b165788

    • Size

      5.0MB

    • MD5

      f1ba7a7f631a21d3c5967dcabd56864f

    • SHA1

      098faa39a5eeeaad11b73ccf51b4bae6e9ab88bc

    • SHA256

      4346e01001903432c6da8a05fa653030081379a9d4c648b22cdd318b5b165788

    • SHA512

      c764b7bc0646fdbe1ae3687a0f08dad7bc724e308c7cd7fb993f7933686cef8b4b9c2be1248061d36733ac3224e3e003edb59736a783bc2f6e59ddc51fbd2bb6

    • SSDEEP

      12288:s0XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNC7JsLdn48F1IepdkRI7dG1lFlWQ:nIY4MROxnFtMrrcI0AilFEvxHP6Xoon

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus main payload

    • Orcurs Rat Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL
