orcus

General

Target

be1fc4a2177662175dee98c7c2acd740370c91979cf91f6e8294a47bb908e78c
Size

918KB
Sample

240801-bln39aybmc
MD5

dbf06f8c7aac18054f713d4795f3b48f
SHA1

f6b4d693d2d39b8a3f61311b7c94d381583334c8
SHA256

be1fc4a2177662175dee98c7c2acd740370c91979cf91f6e8294a47bb908e78c
SHA512

043b0c84e6616376fd5830a85b03a5188bb1b752f94cdbd1f5b6bf88a4ace2a031a5365f7b45e147e3869945150ebbe1a92009852ba544fec7dca8d52318ea77
SSDEEP

24576:M554MROxnFZ3aIBM4+rrcI0AilFEvxHPGoov:MQMi7ae+rrcI0AilFEvxHP

Score

10^/10

Malware Config

Extracted

Family

orcus

Botnet

тест

C2

192.168.101.102:37375

Mutex

931740ae9b854115addd9f6dfdf826c4

Attributes

autostart_method
TaskScheduler
enable_keylogger
true
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  be1fc4a2177662175dee98c7c2acd740370c91979cf91f6e8294a47bb908e78c
- Size
  
  918KB
- MD5
  
  dbf06f8c7aac18054f713d4795f3b48f
- SHA1
  
  f6b4d693d2d39b8a3f61311b7c94d381583334c8
- SHA256
  
  be1fc4a2177662175dee98c7c2acd740370c91979cf91f6e8294a47bb908e78c
- SHA512
  
  043b0c84e6616376fd5830a85b03a5188bb1b752f94cdbd1f5b6bf88a4ace2a031a5365f7b45e147e3869945150ebbe1a92009852ba544fec7dca8d52318ea77
- SSDEEP
  
  24576:M554MROxnFZ3aIBM4+rrcI0AilFEvxHPGoov:MQMi7ae+rrcI0AilFEvxHP
Score

10^/10

orcus тест discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus main payload
- Orcurs Rat Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Orcus main payload

Orcurs Rat Executable

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2