orcus

Sharing

Copy URL

Twitter E-mail

General

Target

Orcus RAT 1.9.1.rar
Size

20.2MB
Sample

240720-tdaj1asbnq
MD5

11b2b254c7e9f3ae091411ae236174ec
SHA1

82543b6930ca60a47abc465b57f5d11f4923ffd0
SHA256

4bd238af793445deb779e83f05915fc74ba980516aada1940bcab4d4e7608fcd
SHA512

05eaa5270c24f5670e369fc687f9e2550c80e38324f4a0a2d5de2efe3dfe0a8ded00e5529fe73bd1a1e77e037f7e8c0b48729c4579c4c6798aad06ab5c2c1b5b
SSDEEP

393216:9VQhu/6TRMyKbIORTZ7l7p0y2YDJeXW4Hy3W5WKJcl9yu9zL7gkp+a8ryIL9IEMS:9V4m6T/KI4rd2pXW4HyVbhLkkbWyU+NY

Score

10^/10

Malware Config

Targets

- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/Orcus.Administration.exe
- Size
  
  3.9MB
- MD5
  
  37349777df1cc9c8d3d62eb733f7cd45
- SHA1
  
  456233fa947ab155dbe5636eda0a77346197bb4c
- SHA256
  
  0121f2d7ddc074ffa05619dbb2a4b555a4b550168a765b57fa8bd9298a7e4b52
- SHA512
  
  ca4e1a39dbb0fa0c6bbef7142cf457856cc2db14c03b5b9ea5c28811a3a70cc05505320f50e133e166aad25d779ac043b0f29b09bb34a342f5111603cc5dd074
- SSDEEP
  
  49152:VZV/t1QLjeVxAl40NVANW8cyTXTG1H66VbTWnepAl4:VZVDVxAl40NG48cyTKjVbTWnepAl4
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcurs Rat Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/AForge.Video.DirectShow.dll
- Size
  
  60KB
- MD5
  
  17ed442e8485ac3f7dc5b3c089654a61
- SHA1
  
  d3a17c1fdd6d54951141053f88bf8238dea0b937
- SHA256
  
  666d44798d94eafa1ed21af79e9bc0293ffd96f863ab5d87f78bcee9ef9ffd6b
- SHA512
  
  9118bf11760354e9971ae8b27f7f6a405e46145b39ca6e6b413cb2e729e51304b895965e9140f66c9e3ef7caa4f344762bf059688b23dd32e4c2df271394fea2
- SSDEEP
  
  1536:XwumrikcyTpOKVi+Dqp6viPUCcvKWz3NTpAK+7KI4v8U:6dOKViKa6pOWbhpAKyKIVU
Score

1^/10
behavioral3 behavioral4
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/AForge.Video.dll
- Size
  
  20KB
- MD5
  
  0bd34aa29c7ea4181900797395a6da78
- SHA1
  
  ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8
- SHA256
  
  bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d
- SHA512
  
  a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0
- SSDEEP
  
  384:Wu9f/hWFwLX+WJ7gfZLTswhHDlOdKaCxkyf0l:HfpZL9uxE9Cxd8l
Score

1^/10
behavioral5 behavioral6
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/Be.Windows.Forms.HexBox.dll
- Size
  
  84KB
- MD5
  
  1abb997d4e809b9d7f9016617dc01294
- SHA1
  
  b249037720e408128e6559d02a7a8772db6d4438
- SHA256
  
  4938a4dbb51fd8d35dfdf2c5d42e9a127b9365d495461864e6bb9ec7fc9a3cb7
- SHA512
  
  c943a9ad6cfde82fb3e30bffd96006b4524e3c9348da66fd461be44e8e093afbe58d9da121494d9e557b1fd052413e651e5d1c549f8508e5061640818d895b1a
- SSDEEP
  
  1536:vOo386x64hWu/19AQhZRxZJhn1fHJ1Y4eXrEBKsC5FfCf3vb7kn7kTXkF5Gj5qRQ:z38BEzAh5Cf/4t/0hoWp
Score

1^/10
behavioral7 behavioral8
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/CSCore.dll
- Size
  
  519KB
- MD5
  
  94a312a6fcec0e78808bcea3d8ff67f5
- SHA1
  
  fe760487d13f9a6f5f359036561105d4aca88a1f
- SHA256
  
  e835139171eb0d63b6b4e02b0997cac040c02d295648a275d4c8d28b234c8e94
- SHA512
  
  ecdedeee1ee4e35e4fbd2dea3a4dd8b0805166a9610a63affbfb673f2644588eacecba6b3a5a0052c202ab14c321800997512abc318d36a50b00cc86dc83ec1c
- SSDEEP
  
  6144:qTOLDSWi9it6YQSJpAJNSgwB4dIiZsxFrRz0JfBT8hVNuNdrmh4K:oa2WR/YOBIORIJf84K
Score

1^/10
behavioral10 behavioral9
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/ControlzEx.dll
- Size
  
  176KB
- MD5
  
  952ae691d9f17599a521b2d04aceeb46
- SHA1
  
  55e0fa225c6fac6f25b28fd67ef844283d96c9c0
- SHA256
  
  241cb77017dc48e7cfac4bfbd005abb66432b9f4bf8cfd4f819b628d90f97fe0
- SHA512
  
  53246224c9fd54ba6bd61f204aaa166b1431a4bde53b5b6ef48ccd7fc90ac3a9ddf5f5ad74deb730dcb315d03794ed416a5448550ceda175662a49ea0b5c3d02
- SSDEEP
  
  3072:FwkXm5RYe8R9HFif0ABkS9p+dFtp04M9Y8B3UVk7pq7F0E7:GYBL6p9pwFtppM9Y81Sk7pq7F0E
Score

1^/10
behavioral11 behavioral12
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/DirectoryInfoEx.dll
- Size
  
  225KB
- MD5
  
  87bd229e9b3944bff401157729c17427
- SHA1
  
  42a05e867fc7bdcc51b7e1e7e06806952dd8dcd8
- SHA256
  
  442c0fee392d42a5f81444aae38446290bb8dc90c9256e62bce9e95e9a9a8202
- SHA512
  
  52205a55c8cda293f55cc0626f1ee594e0ceca770f3392b3758cdd9d710f1355de6fb6d3fafe36cf16f7dddeb518ace6cd4c95eaa74a0762742305316c7a9f52
- SSDEEP
  
  6144:jlxNNy5JVVvc70yK1P7QrbvyOfXnwccMTLfPPGHcQX3vHXnX/WhXfr4sJvJQcd47:5xe5JVVkNKBgvyOfXnwccMTLfPPGHcQ/
Score

1^/10
behavioral13 behavioral14
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/Exceptionless.Signed.dll
- Size
  
  734KB
- MD5
  
  4787a519cfd30d7a7687ee62de7d8a47
- SHA1
  
  9f9213692517aaa331ab0622e24b9458f483e95e
- SHA256
  
  57b7be985c0b4630b8ca581e978e88671ae5912d06807891edd1d10e552d3765
- SHA512
  
  c74f7f4396082ab6f245ac7fcc61161cbc5582464bc78b3cf42deb08f9e44304568f462753b5c25122bcac4f58e766594426f7ff044d14c7b17f24825d3109d0
- SSDEEP
  
  12288:SIKYlJjYbqxA6eWYHSpim8bVNVJIdUMhik5Kp5dBHLrVr4JOQ:l9a6erSpim8ZNVJI6x5dBHLrVr4JOQ
Score

1^/10
behavioral15 behavioral16
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/Exceptionless.Wpf.Signed.dll
- Size
  
  26KB
- MD5
  
  1b3a319b40f7cf78253d79ce3b8c0d42
- SHA1
  
  23b6d076946967e4921f97e024ed68b72cbfbe3b
- SHA256
  
  60cc0b13a13be7b36f2e1637b4d8f7f64ccef198bb258b318fde9c2810ac2447
- SHA512
  
  48ab69135c9f8c54eaf2c7b561ebf475d2a61e5911bcdf469b777f3bdea3d04697805fe09de7f81d57466e0904d2b625c7a1fd35e07f574c70ac70a6d486faf2
- SSDEEP
  
  384:4foIgJjjnB13YuPwfkaNOAsL6L5vGLxrZfvTOtDTjzImcOFz/Ym1T9yQT0B0Am9B:4foZjjBJiLxkOtDbcsz/9NVGZBw7
Score

1^/10
behavioral17 behavioral18
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/FluentCommandLineParser.dll
- Size
  
  43KB
- MD5
  
  d0220eb32a8a631ca29f55929c7046cb
- SHA1
  
  553ec4ecc90676c7bb1de9f75a6b1226f39677aa
- SHA256
  
  e6124423367a9ec411176e2714c16a041c1a8b3e1691845040b57b0d779bef14
- SHA512
  
  63c2d7ac019d511751c57153bde64c5c57819a74ffbd1a893ea980211185296f018bc09980537394bb33e92508b4e14d87da8a6fba2ca87b820b9276d07a3445
- SSDEEP
  
  768:/WDesbk1hc+zloHIC/+9LXPnnx+N8iRnFidzsREmm:eDejkc9LnAzaIRS
Score

1^/10
behavioral19 behavioral20
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/GongSolutions.WPF.DragDrop.dll
- Size
  
  108KB
- MD5
  
  31c8b0fc79d9ec1b1cd4e57ce74c3560
- SHA1
  
  feb1663c85da937fa94d6ec0f1c1d96b3b1c0496
- SHA256
  
  abb63fdf8125a59096918778e4c1f9afdac3fe08b37c700895bfafdd8b63abfc
- SHA512
  
  b8280877af5c1b9a925abb4cf562003a82d8cdd9a84b5c76a456b5439b7b59c826aeac4ea9c84c8e37a8d37ed53f48334ecf23eb31bc31cd2fe3086379a8f70e
- SSDEEP
  
  3072:QzxuS44j1DkuoIHuFDLe4OThhOFLHyDkiEo+jK7G:QES4wNS/sXOFLHyDkiujK7
Score

1^/10
behavioral21 behavioral22
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/ICSharpCode.AvalonEdit.dll
- Size
  
  605KB
- MD5
  
  8f36b03d547fb3e0f9654d4f3074b89f
- SHA1
  
  efa7dc54a626c20cbaec3b19b517a2ab64ac6e63
- SHA256
  
  941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231
- SHA512
  
  27c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509
- SSDEEP
  
  6144:kiYcovb1WrZKNhU7nMjaR6dmnItzdSdoO+MSHMb5RKs8rvD288LPnM+k3XjXAUiW:kPcovbRon6cSEKvrvS88Lf1ltm
Score

1^/10
behavioral23 behavioral24
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral25 behavioral26
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/Lidgren.Network.dll
- Size
  
  117KB
- MD5
  
  a6fdc03e2cbdfa9d393512606097a1ff
- SHA1
  
  c63933c082d282a284250deceb51d0d300647fe7
- SHA256
  
  bf9948c27bd2947a42ea51ccc63b93f2b9030bd117393e1d7637a5770b9b0776
- SHA512
  
  2ec59fd17cd34741ab8d0ef0d8ef3533ef38b03e98d65bb1a19940349b16e47142b0d407946cb05bfc63d7859c1472c0906a72be0e1dcee0c170b80270ad6ca2
- SSDEEP
  
  3072:vmwfq+PlFS1gh72NkCM9eu3JcCDMFfXZkHhKQ6u80y8/ko1r8ApI9G:uaVh7CTu3iI/NJe
Score

1^/10
behavioral27 behavioral28
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/MahApps.Metro.IconPacks.Material.dll
- Size
  
  1.1MB
- MD5
  
  d8e627aadfb6dfed292be0672faa9f15
- SHA1
  
  2a7f51711bffd75ecb2d7ff2f510c89eecd16366
- SHA256
  
  97f4ca8c89ee13b8c249ca6f929d067ba3e87be07b4afa372fdc0a7e9e6e78e1
- SHA512
  
  d5139830d367a29e76ca260d9b17955cff80f1779c157551642f7e13d9abd265335ba0bbda433e8898042d482f29d79c48683fede4b8af746b69a7dfcd02098c
- SSDEEP
  
  6144:z40kYmQYwygR8Vi3vTZ20kuCcrY5eakqF09HfnmnygreJrextoqQpddv0dxHde:MpYm
Score

1^/10
behavioral29 behavioral30
- Target
  
  Orcus RAT 1.9.1/Orcus.Administration/libraries/MahApps.Metro.dll
- Size
  
  1.0MB
- MD5
  
  735bea953b819dc0874176355e3e3141
- SHA1
  
  8ff71613230d454ec27d7b7ee6795289751a5277
- SHA256
  
  1af18a7eae467706f699dea9fcade9635ea2e331737501b72910413dfb12f17c
- SHA512
  
  2963d60fd6c182fa01b62ada3894987ba34f317b5c0cb92905a92930d68a6eeca5f4511d3d36a4ed4a0c3e3851f3ca16683ce9e8d98567f8cc206b973fee5148
- SSDEEP
  
  12288:3EAVRt0dmk6GmfvE4v4ICwQGZDHSxV/INvHG:3EAVRtOB6Gy/v4ICwQGZDHSxV/wvHG
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Orcurs Rat Executable

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32