General

  • Target

    Compiled orcus.zip

  • Size

    71.0MB

  • Sample

    240822-pwb4bsxdnc

  • MD5

    fa735fbc0151b4c7be2194a9c178b257

  • SHA1

    1ec10bca17b46586fb22960e44ddf3d0e16bc6fc

  • SHA256

    f50f361616f29163a32c1d422839ffc2c3b0d0bef9dc444e9a78729de0072c89

  • SHA512

    42b237287a8eb79ee1b4f738b91273f70577a6766db3e77e002d8eb85314b2e13cf3cc07d5778b60aeaedb374a86c44d33c47c0c4b836730e53bdc208379ed48

  • SSDEEP

    1572864:Xsmke+vAQ+tcQJ7k2zfwhtBJ9EsfFId0RFfo98QlF:cuXQAdnzCtXasfFrbaH

Malware Config

Targets

    • Target

      Compiled orcus.zip

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender protections such as real-time monitoring and Block at First Sight. This is a static signature: it indicates the sample contains code targeting these settings, not that they were observed being changed.

    • Orcus

      Orcus is a Remote Access Trojan (RAT) sold on underground forums.

    • Orcus RAT Executable

    • Loads dropped DLL
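The "disable Windows Defender" signature above is a static finding about the sample. On a host suspected of having run it, the practical question is whether the same Defender controls are actually off. The following PowerShell is added here as an example; it is not part of the Triage report and not code from the sample. It reads the effective Defender preferences, the engine status, the policy registry values malware typically writes to make the change persist, and Defender's own operational log (event 5001 = real-time protection disabled, 5007 = configuration changed). The cmdlets, property names, registry paths and event IDs are the standard documented ones; the function name and the particular set of settings checked are my choice, not something the report specifies. Run it in an elevated session on the host under investigation.

```powershell
# Added example (not from the Triage report or the sample): audit a Windows host
# for the Defender controls this sample is flagged for tampering with.
# Function name and the selection of checks are the author's; cmdlets, properties,
# registry paths and event IDs are the documented Windows Defender ones.
function Get-DefenderTamperFindings {
    [CmdletBinding()]
    param(
        # How far back to search the Defender operational log, in hours.
        [int]$LookbackHours = 24
    )

    $findings = @()

    # 1. Effective preferences: a Disable* flag set to $true means that control is off.
    $pref = Get-MpPreference
    $watched = 'DisableRealtimeMonitoring', 'DisableBlockAtFirstSeen',
               'DisableIOAVProtection', 'DisableBehaviorMonitoring', 'DisableScriptScanning'
    foreach ($name in $watched) {
        if ($pref.$name) {
            $findings += [pscustomobject]@{ Source = 'Get-MpPreference'; Item = $name; Value = $pref.$name }
        }
    }
    # MAPSReporting 0 means cloud-delivered protection is off.
    if ($pref.MAPSReporting -eq 0) {
        $findings += [pscustomobject]@{ Source = 'Get-MpPreference'; Item = 'MAPSReporting'; Value = 0 }
    }

    # 2. Engine status as reported by the Defender service itself.
    #    IsTamperProtected = $false means Set-MpPreference can turn these off at will.
    $status = Get-MpComputerStatus
    foreach ($name in 'AntivirusEnabled', 'RealTimeProtectionEnabled', 'IoavProtectionEnabled',
                      'BehaviorMonitorEnabled', 'IsTamperProtected') {
        if (-not $status.$name) {
            $findings += [pscustomobject]@{ Source = 'Get-MpComputerStatus'; Item = $name; Value = $false }
        }
    }

    # 3. Policy registry values that force the setting across reboots (1 = disabled).
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policyChecks = @(
        @{ Path = $base;                          Name = 'DisableAntiSpyware' },
        @{ Path = "$base\Real-Time Protection";   Name = 'DisableRealtimeMonitoring' },
        @{ Path = "$base\Real-Time Protection";   Name = 'DisableBehaviorMonitoring' },
        @{ Path = "$base\Real-Time Protection";   Name = 'DisableIOAVProtection' },
        @{ Path = "$base\Real-Time Protection";   Name = 'DisableOnAccessProtection' }
    )
    foreach ($c in $policyChecks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($c.Name) -eq 1) {
            $findings += [pscustomobject]@{ Source = 'Registry'; Item = "$($c.Path)\$($c.Name)"; Value = 1 }
        }
    }

    # 4. Defender's own record of the change.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5007
        StartTime = (Get-Date).AddHours(-$LookbackHours)
    } -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $findings += [pscustomobject]@{
            Source = 'EventLog'
            Item   = "Event $($e.Id) at $($e.TimeCreated)"
            Value  = ($e.Message -split "`r?`n")[0]
        }
    }

    return $findings
}

# Usage: print every deviation from a fully enabled Defender configuration.
Get-DefenderTamperFindings -LookbackHours 48 | Format-Table -AutoSize
```

An empty result means the settings this signature targets are all on and no disable or reconfiguration event was logged in the window; it does not prove the sample never ran, since a loader can fail before reaching that code or a later component can re-enable protection. If IsTamperProtected is reported as $false, treat the preference checks as weak evidence, because on such a host the sample's Set-MpPreference-style changes would succeed silently.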

MITRE ATT&CK Enterprise v15

Tasks