orcus | 1aa417fb46cf1d96484fe54ad25cf66105e9b5e2cef735a836e5d57962540f53

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 14:07

Target

9667a845e450e37f530aa6b66b12d8cc_JaffaCakes118.exe
Size

2.8MB
MD5

9667a845e450e37f530aa6b66b12d8cc
SHA1

ec161be67bc5dd933208a43af1a9d0ea855e92b7
SHA256

1aa417fb46cf1d96484fe54ad25cf66105e9b5e2cef735a836e5d57962540f53
SHA512

d6eec1a78ec332d8dd04d89d84e9ef29acf3e5c1ad834ecd5facec6271e19496c07b05823046e5bb358050021b84309139421795b28f19e09c9f321bc29820d4
SSDEEP

49152:JrJiw+BYlgu6pIrPEQCxVrJS8O17uAIgiC/HVMlrJdvJtgf1j6RuJsrn:Jdg9pEP/C3rc8zFgiC/HWddvJM0gJ

Score

10^/10

Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
rat spyware stealer orcus

Core1 .NET packer 1 IoCs

Detects packer/loader used by .NET malware.

resource	yara_rule
behavioral1/memory/1872-4-0x000000001D110000-0x000000001D41E000-memory.dmp	Core1

Orcurs Rat Executable 1 IoCs

resource	yara_rule
behavioral1/memory/1872-4-0x000000001D110000-0x000000001D41E000-memory.dmp	orcus

C:\Users\Admin\AppData\Local\Temp\9667a845e450e37f530aa6b66b12d8cc_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\9667a845e450e37f530aa6b66b12d8cc_JaffaCakes118.exe"
1⤵
PID:1872

memory/1872-0-0x000007FEF6193000-0x000007FEF6194000-memory.dmp

Filesize
4KB

Download
memory/1872-1-0x000000013F2D0000-0x000000013F598000-memory.dmp

Filesize
2.8MB

Download
memory/1872-2-0x000000001C060000-0x000000001C470000-memory.dmp

Filesize
4.1MB

Download
memory/1872-3-0x000007FEF6190000-0x000007FEF6B7C000-memory.dmp

Filesize
9.9MB

Download
memory/1872-4-0x000000001D110000-0x000000001D41E000-memory.dmp

Filesize
3.1MB

Download
memory/1872-5-0x000007FEF6190000-0x000007FEF6B7C000-memory.dmp

Filesize
9.9MB

Download