Analysis
-
max time kernel
0s -
max time network
1s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03-09-2024 23:31
General
-
Target
Orcus.Administration.exe
-
Size
16.2MB
-
MD5
47c82b9e924c42876d6d4e40908888f7
-
SHA1
b3ef96ff2f1833ffd332c5246e34ebdd47c7e250
-
SHA256
26d5dadb8fec5f13b488f0532dbcf4d9cb4331ad1b7e7277ac9331fa39275528
-
SHA512
83f41c85b51df8d80bc2b63f89d497fe979d340607137b7822b80b8da9f5fa3b9e358554ceedb807a29a38828c331a93f1f32569a66065a2b09c5d572764a9c0
-
SSDEEP
393216:apC4606R60B8vYfZ9DfZ9DSK7SftLaeH+:NJOcPLPte
Score
10/10
Malware Config
Signatures
-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcurs Rat Executable 1 IoCs
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Orcus.Administration.exe"C:\Users\Admin\AppData\Local\Temp\Orcus.Administration.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 5442⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
16.2MB