orcus | b161c18a7a4b8d72ef498608c9738e57acbe3ffa633154dbe3e3d7bd56e67408 | Triage

Submit
Reports

Overview

overview

Static

static

1.exe

windows7-x64

1.exe

windows10-2004-x64

6

Sharing

General

Target

1.exe
Size

917KB
Sample

240829-wa6jdatbmb
MD5

52650eecab548e66af5a61020cc4559c
SHA1

b6d081535cdc8cbbbfed1128b1bcf361065148b6
SHA256

b161c18a7a4b8d72ef498608c9738e57acbe3ffa633154dbe3e3d7bd56e67408
SHA512

25cbed29ff0d197e83177fb4ba68ed18e4248d49fa266d51959ff4facd342a4efd0854d90559543cb7902ca0cec7dfd298dbf6626846a01e6a3504dfa835900e
SSDEEP

24576:8+5T4MROxnFi3frGrZlI0AilFEvxHiFekO:V50MiofSrZlI0AilFEvxHis

Score

10^/10

orcus discovery rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

1.exe

Resource

win7-20240729-en

orcus discovery rat spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

1.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

orcus

C2

tools-packed.gl.at.ply.gg:26970

Mutex

484b9aa2eada4b5f98624563470c68b8

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  1.exe
- Size
  
  917KB
- MD5
  
  52650eecab548e66af5a61020cc4559c
- SHA1
  
  b6d081535cdc8cbbbfed1128b1bcf361065148b6
- SHA256
  
  b161c18a7a4b8d72ef498608c9738e57acbe3ffa633154dbe3e3d7bd56e67408
- SHA512
  
  25cbed29ff0d197e83177fb4ba68ed18e4248d49fa266d51959ff4facd342a4efd0854d90559543cb7902ca0cec7dfd298dbf6626846a01e6a3504dfa835900e
- SSDEEP
  
  24576:8+5T4MROxnFi3frGrZlI0AilFEvxHiFekO:V50MiofSrZlI0AilFEvxHis
Score

10^/10

orcus discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus main payload
- Orcurs Rat Executable
- Executes dropped EXE
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcusdiscoveryratspywarestealer

behavioral2

© 2018-2025

Terms | Privacy