General
-
Target
OrcusRATmain.zip
-
Size
25.0MB
-
Sample
240910-tmng8atdph
-
MD5
4ebe8621171038676189cbc5e7053d9f
-
SHA1
2e3a3b97163d1e8af1e41c36f9495062fb4b1934
-
SHA256
3786d314f4e3906400b24657ed15fca047576eba9cf17630246db69503fdbea3
-
SHA512
e0091ae9f3acddc7e8d11b89a60debc3dab57b8af57bde4a3f538b2283eae398a1adec8224bf5fd2d0be61be015fc2a79c49b06cf786945073e1cc87d66be356
-
SSDEEP
786432:DFrAoo07VJxiSdlBx4IVwXuOHKW3kijZk:hrA+xJBgIEuMUiNk
Malware Config
Targets
-
-
Target
OrcusRAT-main/How To Open Port All Tutorial.url
-
Size
96B
-
MD5
e6e103fb45cbe55836826bc3410efcc0
-
SHA1
ff589e9f655d3368571562711b954f301615d457
-
SHA256
99e7a2772fa7b583be865188c49e15d8294569d820bb29be95cee538a6a5f494
-
SHA512
d41fa5eb682f9c2a1eddcac0a79cdda9f7228b9080c843ce5e7aa1ef027f8c773733faa471e44ca76a37e405d5488c29f34e1785f149115bd65f01fb3b52acb7
Score1/10 -
-
-
Target
OrcusRAT-main/How To Setup a Rat.url
-
Size
96B
-
MD5
8d61646db59cc7460b40bc79001a40a1
-
SHA1
e43cdfb3d27a0cb4b4532053c27810abf06d415e
-
SHA256
c5d1bc7427609e082195ad8db57c9b35b274e3df63a92d78917334425730d1e7
-
SHA512
9eef7dcaa96a52d52caff6b9709f8377437ff201e976761eec8c35669f946ef111d7da9528c8f253f469969513e4ec5e6a5d0b861665254a6564f8c2d85d9f99
Score1/10 -
-
-
Target
OrcusRAT-main/Orcus.Administration.exe
-
Size
16.2MB
-
MD5
a6347e4e194adb6d2a3fae52598d8cdd
-
SHA1
aa06c496c20d6e04142d4a5205a032680a452a0d
-
SHA256
911e3e95efddbae9d1c2f4b04027567c76823116755097b5868b7241c7e30cbc
-
SHA512
2ee24604c0edbc09096e2344ca6c1f74b1067b9aff7f077d0b4e42cd8f51dd1116e98016e34f0a1d951fcdbc8bfed33b1709a9692ba95b3ea3cd84d9ce080922
-
SSDEEP
393216:3pC4606R60B8vYfZ9DfZ9DSK7SftLaeH+:sJOcPLPte
Score10/10-
Orcus
Orcus is a Remote Access Trojan that is being sold on underground forums.
-
Orcurs Rat Executable
-
Loads dropped DLL
-
-
-
Target
OrcusRAT-main/Uninstall.exe
-
Size
101KB
-
MD5
4143d3bb52f6ca4aea06d4ae15db611f
-
SHA1
be6b949ed7be8ce752b7343d56d9c3f96b25a0d3
-
SHA256
1ff448e9e456f5ad022c2bffb16e0e94eeb6346e8befab695ec0f369349a1a0a
-
SHA512
2a9befa77e042ea32358c8e3c40e67b3ebf618744634878393a7f7121484371dd62f5d981d0aaef2280bb1a574379271abaf249708ed49b893924fb521cbd2d2
-
SSDEEP
1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o7Nkn:kzgjO/Zd1RePDmZ8tf05iW4uM
Score7/10-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
-
-
Target
OrcusRAT-main/libraries/AlphaChiTech.Virtualization.dll
-
Size
51KB
-
MD5
66c29815e0e824874e69342fe344d460
-
SHA1
0c50bf0f38d1577172e534483768368288a59753
-
SHA256
5a9296146dd3d0dca9507e59520c29ef9848cbd7599a95efe09c01fa1c894d8a
-
SHA512
be9649d8a7b21c4b784df91b6694f6f0ca698ca8484cb6232659123dbfc4908e1a74a100f43b34c9473d998d8565bc86dff3f46978e93c7fa9285128a97b096a
-
SSDEEP
1536:w57kU/A3fmKsyZWxRkHEYuMHsN5JdGoSoD2Rg2:w5EsyZtROFDmg2
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/Be.Windows.Forms.HexBox.dll
-
Size
77KB
-
MD5
e00907b3d9270d4cca87c25ff30bcd02
-
SHA1
c59a191e9d0180530af19749b16f6382d410b322
-
SHA256
5448e587498c560ef1d8e182344bc340a57cfd3b05c4507c48da11e139035818
-
SHA512
73ee810bef992fab54cdb4ada648b2b32ba17f94076f3c079c57e97a0a62193a9a7d5745c454744b380bae2ba447b23556604765410929521260946ef73e7fb1
-
SSDEEP
1536:jcF2tarjL/jyH9oHPvH3f5rhZ3rmGAp16RHJjGccjOthSXlOhZnTFp8k7kXk5GLd:jhtt9oGjOt8XlOh/zziR
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/CSCore.dll
-
Size
496KB
-
MD5
5e8fe2a84d3076f5d9815b77eb67d4f6
-
SHA1
c08f0f706520e1a32b0999bda032c90755f7d374
-
SHA256
fd3feefc62097ff785c7fdd524070e25fcaba7e4ce19f5480ecad695dd2a5405
-
SHA512
8a5e77aa6f31db39dae45dbb2dc45da717a065f6831552b0133f6defe6551e236226acfc5dfecc93dad1a3457720d8f85a985c71a7591d45755c3f8ff4740438
-
SSDEEP
6144:qgnuf8G18h9LKXYTD+XVyX6QgYC/f98+5JBO5blpIz0oG2th9i/J:qgFBKcDFXDgYC/f987Kz19i/
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/Exceptionless.Extras.dll
-
Size
71KB
-
MD5
d3fcd5038079ef42e23ed39a86af5a31
-
SHA1
3977309df5b3ddc0218a800ee463ddcbcae7503e
-
SHA256
9d4ab0418d94d3c3d7025ecc1c70ce1762ee12aaa4d35666c2dc7887df53a537
-
SHA512
8535e4b5b7b61cf31fe69bd43eb2ba4c2a248a2f2a6efcf9b1ffc9cf4d39b67dcb687d45964054b3900f5aa21662b4acc91302f02e99e819ac6f5827a0d493d0
-
SSDEEP
1536:mB4/RmrDkeXDlc4n10Yf6vvB78MFG20es2A1OLv2Nvr838HVHHOU30fKFWHVyePD:m+/IXZTn1BjpemrPEXK7eASoC
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/Exceptionless.Portable.dll
-
Size
678KB
-
MD5
6aba9f00d64371b940eedc21804ea9eb
-
SHA1
5fb0e520a23c780474b0866218c61ff55d083b3f
-
SHA256
22c949720dacd2dc19b7744185b18faf53dc18199c36af44158257a08ce7f3fd
-
SHA512
9166ff3cfd7adc334f3a98f4a40736c178a1c793f6ca264722bd1b962a3d059d88035eee1f45aab2b45a8692a13ef50c8e762c4c8600937b263fd7c2703185c0
-
SSDEEP
12288:js84bq85JQrVPvIxDlm1X4Qz9g35VF7Syj4pYoSpc9UM04uBrAaJZSPZZBrEK8eV:Y4rVImlzqVFWyj4pYoSpc9UM04uBrAa6
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/Exceptionless.Wpf.dll
-
Size
26KB
-
MD5
609fbfcf1bea7ac58712764cb9e408f1
-
SHA1
6831a6338e056540c5305b192b726ea68413f6c2
-
SHA256
c14b8c33f9679cf4cf4f80d91698e3f40acdbd82d3b700a8b2813322e5e42ec3
-
SHA512
41bc3949421b2179e6208f3677264399f60f81bca69a9cf632e8e8ca4978710885674d76fa635b133b6638cad11813a33a538cbccde7cf482b7e61719e8ceaac
-
SSDEEP
384:SO6qmMxrZfvTOtDTjzImcOFz/Ym1T9yQT0B0Am9Z6budtzYi8LkbXgAZyTlaiA1W:8qfOtDbcsz/9NV66HYikQiLEnC
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/FluentCommandLineParser.dll
-
Size
43KB
-
MD5
9b5e37f89268ccce0e098222004093ad
-
SHA1
30b12174abda6a420b2cc152b5c682ff8f106c37
-
SHA256
fe068b6f15a5423f86558927dd22ec35070c041db9cde1ecade0590d93ca5285
-
SHA512
23e8cbaa6103f5a76729ee8470b5b208d67be22c9b9fa78340055ac8ded04dc6147c8c50cde96f7c10b111f81cab3e5504227ac5b8f1a616c1a1384c6350257f
-
SSDEEP
768:U74t6uOtRT8HuJ071hEdOgaaGoCbvfkGujm:Gc6uOtRa/71UO1onLS
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/GongSolutions.Wpf.DragDrop.dll
-
Size
53KB
-
MD5
dcb1b714646f72939969441ee16e3197
-
SHA1
294014a44415bfb8a0415e1c19c7e8763046ffc8
-
SHA256
7236cd133dc18064cd57028be5cca18708117c3082f5ca001cb69eaf596a578c
-
SHA512
2e2b6fa0918a59915165ed689f524576e94cb4f531c4eac58a74049a187bfdc6d87423150e26dd244bb9b4988b4017afc0b62865f5f686524f60e7512e35679c
-
SSDEEP
1536:nvzBUJUgtSMoY0Z9D24W5d7Oi8SXMocAdg17wr:nv0fkDngOi7cocAdnr
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/ICSharpCode.AvalonEdit.dll
-
Size
592KB
-
MD5
d7467d0156f22feb4b22cc5f74d7bd60
-
SHA1
bcc1d959786ba4253491b67d448f97cf5ad709ed
-
SHA256
2bf6079c143f177d954731db2ffde515bee8fbd6261e0d338ba8e7c8df1ab658
-
SHA512
f13092a4154524226900c8f3089ef776932cae601cb21cc10af1111014aef97a1183a2344da3f5b8f5b9fbe8b4b420412d79b71e97a1b4ed2ec384b502ba1c28
-
SSDEEP
6144:64Gybj4PJqJZD0JOi0Av5+ENJzHLeDjN3kNHjoJAo7gOfwlflvuSn:6i4PwJZ1szeDjKRWwl5
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/MahApps.Metro.dll
-
Size
918KB
-
MD5
fb1e8eee84791cc015e043ab0ce32bba
-
SHA1
42fb789011213635a7d022ba4fd5461a0d9a134d
-
SHA256
0de72da4bc2d16d39c30368af880d754fa0bd9745897652ba50213e589d265c5
-
SHA512
748af415c875cd5d44f305cf58060e7e66ef2ef041b6e86e3a76287a51af63116096eaed0877dc48c17da6594ad0c8dbf0ecadecb763dd469be8b6cc1d02d4a0
-
SSDEEP
12288:qADBZgu6aCRVudOz7A+H/uzylD/AcnnnnnnnnnnnnnnnnnnnnnnnGnknnnnnAMxg:qYMRMOzjuuF/AmHRNXmbJtV/
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/Microsoft.Threading.Tasks.dll
-
Size
36KB
-
MD5
d01819bfe03222dfa9e35a36555b6b6c
-
SHA1
25f8069590b14724f28e6a04b8a42e4ef4a8562d
-
SHA256
5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94
-
SHA512
e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477
-
SSDEEP
384:AjCan21RTf1FuPIgbSVHfiWvoVZHL+8SChE+QNEv4USWyWcWZ1q//0GftpBjfuHk:A+e21RTrgbSpfihdvF4eg8iUHWTmlr+
Score1/10 -
-
-
Target
OrcusRAT-main/libraries/Mono.Cecil.dll
-
Size
274KB
-
MD5
6d6292bc8e698e53e69556add6f62442
-
SHA1
fab26eb07adab421797689da27ad754aa1c31810
-
SHA256
0f6465ce57a0cbabc37013c8e3c9f110672de1c127b6192177d59eb1c7809772
-
SHA512
f77c995857bf3c62bd87cce4246d9792d388af33664fbabf05bfcf574ae9332c45013697be7f698bff6cd33b02573abcbeae172b53c75979339e01123c61ae32
-
SSDEEP
6144:BaUU67x2AE6gaSTYUs8Nr/gaGGv8+iGKdJDkP0bAZ:biG8Nr/vv8+O
Score1/10 -