orcus | c57286a7db82264844714682f943fdd9f816eaa27ca1a500514cea13466e85e4

Sharing

Copy URL

Twitter E-mail

General

Target

c57286a7db82264844714682f943fdd9f816eaa27ca1a500514cea13466e85e4
Size

21.5MB
Sample

240914-syeh1s1grg
MD5

6a281f5b19c198b9b3a90b504ceb62e3
SHA1

beb3c591ba97f5195baa462f368110b7983502cd
SHA256

c57286a7db82264844714682f943fdd9f816eaa27ca1a500514cea13466e85e4
SHA512

60e0653e1f08eb2492c4f5350f4fa78b50266d5e6712ad1248eeb5c8f64cf7a90d3419127c8ea15f22185b62e9d1acac5e9d91e0cb9b10b889e81d9c78a77fc3
SSDEEP

393216:5IiEfq37WxfnRYAnYrmyO4oVATLSyPpK2alqYMnIO75Rsqh+CWgttD2q:5Ii2y72fRYzOhV5gKtenImjHWXq

Score

10^/10

orcus discovery

Malware Config

Targets

- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/Orcus.Administration.exe
- Size
  
  3.9MB
- MD5
  
  89b5a894e1be53180ce0140c297243d1
- SHA1
  
  994a922f740aceeadc131d46a3222175dcabb34d
- SHA256
  
  3769da1b19b76f2add402efa5d30aff0e3244b9b7ff279737a0d5b374b19bdce
- SHA512
  
  61af82c3563224c98f84f3e316216f565a103f9b1e8ff52094f988ed3207dddcde0eb6ec7faf55a08317695f11dd6874cecf05d0fb080d0f86b9a0e65ae06d90
- SSDEEP
  
  49152:g1jDkV7F/Al4gU97zCvyRtQ5SH1veaEXitFQL6tAl4:g1jDk7/Al4gU97zCvyRC5SBemAl4
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/AForge.Video.DirectShow.dll
- Size
  
  60KB
- MD5
  
  17ed442e8485ac3f7dc5b3c089654a61
- SHA1
  
  d3a17c1fdd6d54951141053f88bf8238dea0b937
- SHA256
  
  666d44798d94eafa1ed21af79e9bc0293ffd96f863ab5d87f78bcee9ef9ffd6b
- SHA512
  
  9118bf11760354e9971ae8b27f7f6a405e46145b39ca6e6b413cb2e729e51304b895965e9140f66c9e3ef7caa4f344762bf059688b23dd32e4c2df271394fea2
- SSDEEP
  
  1536:XwumrikcyTpOKVi+Dqp6viPUCcvKWz3NTpAK+7KI4v8U:6dOKViKa6pOWbhpAKyKIVU
Score

1^/10
behavioral3 behavioral4
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/AForge.Video.dll
- Size
  
  20KB
- MD5
  
  0bd34aa29c7ea4181900797395a6da78
- SHA1
  
  ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8
- SHA256
  
  bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d
- SHA512
  
  a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0
- SSDEEP
  
  384:Wu9f/hWFwLX+WJ7gfZLTswhHDlOdKaCxkyf0l:HfpZL9uxE9Cxd8l
Score

1^/10
behavioral5 behavioral6
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Be.Windows.Forms.HexBox.dll
- Size
  
  77KB
- MD5
  
  e00907b3d9270d4cca87c25ff30bcd02
- SHA1
  
  c59a191e9d0180530af19749b16f6382d410b322
- SHA256
  
  5448e587498c560ef1d8e182344bc340a57cfd3b05c4507c48da11e139035818
- SHA512
  
  73ee810bef992fab54cdb4ada648b2b32ba17f94076f3c079c57e97a0a62193a9a7d5745c454744b380bae2ba447b23556604765410929521260946ef73e7fb1
- SSDEEP
  
  1536:jcF2tarjL/jyH9oHPvH3f5rhZ3rmGAp16RHJjGccjOthSXlOhZnTFp8k7kXk5GLd:jhtt9oGjOt8XlOh/zziR
Score

1^/10
behavioral7 behavioral8
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/CSCore.dll
- Size
  
  516KB
- MD5
  
  dde3ec6e17bc518b10c99efbd09ab72e
- SHA1
  
  a2306e60b74b8a01a0dbc1199a7fffca288f2033
- SHA256
  
  60a5077b443273238e6629ce5fc3ff7ee3592ea2e377b8fc28bfe6e76bda64b8
- SHA512
  
  09a528c18291980ca7c5ddca67625035bbb21b9d95ab0854670d28c59c4e7adc6d13a356fa1d2c9ad75d16b334ae9818e06ddb10408a3e776e4ef0d7b295f877
- SSDEEP
  
  6144:oBn0d6yfQwqLCz3B4Nwdp0NzEqPMbnQmko+pla/bIyefXzFoG2s7XH6:oBnqfiLyB4Nwdd3rX7g0oz9X
Score

1^/10
behavioral10 behavioral9
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/DirectoryInfoEx.dll
- Size
  
  224KB
- MD5
  
  314955d214bb02847e7f8607a16ec550
- SHA1
  
  c471e2948d0cd1d4a11902a134735f00cd78c0c1
- SHA256
  
  82fd40348eb630313d5032910d021ebd982fdde086fbe73ba8947a6d2cb40357
- SHA512
  
  0ea2457db279159c1983455eee50a69305a151c012b9948950d038c101efc08a00da1f456a76a4351770684783c2e01a536ea194bb7f586865865d90d6dbb8de
- SSDEEP
  
  3072:ue4PnMTtdrkD4u5wrT/ISpzM/p90brGp+2vQM1O4VzXOf6l/R5XKpJG6mzpF0qq:ue4PnMTjkD4XcYAsqp+ffCzXewRVD0
Score

1^/10
behavioral11 behavioral12
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Exceptionless.Signed.dll
- Size
  
  722KB
- MD5
  
  1b0128f8b2bf3aafec28817c2031dc70
- SHA1
  
  b3ae68cb40a7fa82105e82d292d3e037f1a8d50f
- SHA256
  
  98672dfd5c31b77afebc9853539a828836ec72e7d9b0d5f5f5267ad2ebda16ba
- SHA512
  
  40e340ef2ed967aa055fd053c80b69a09404a70e97a63aec5598c992c907ac2af40934b6cc81c0980291ab4e89ec16e6eb47e7bc0fb587b4bc2c13d8e26497d7
- SSDEEP
  
  12288:zEVDjdxJsjvEk8Zmj0fFK0KpaNDdUdnU7Y7fByyiVrEuRp:zETsjvEjmj0fohkUTfByyiVrEuH
Score

1^/10
behavioral13 behavioral14
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Exceptionless.Wpf.Signed.dll
- Size
  
  25KB
- MD5
  
  ef36a316751603cdcb9c3f5da42b3b60
- SHA1
  
  29a40cb67bb07e53a6bd28362f3912050f1ddd18
- SHA256
  
  78fdd30a20ee50f88602059f0940acc92d9bfc09bc5ebebe99372d2a5af7342a
- SHA512
  
  c5efc98b648d7c946f13b2e9af1cb46eae5522a4f17482fd9fa3c95551f0e53d2a9abb4a29959652626a8df4430ddf41c2adaf95d281474a77d1307657fbec33
- SSDEEP
  
  384:nfoIgNjjnx1hkuPwfkaNOAsL6L2pNLxrZfvTOtDTjzImcOFz/Ym1T9yQT0B0Am9d:nfodjjx/iLsBOtDbcsz/9NV66n
Score

1^/10
behavioral15 behavioral16
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/FluentCommandLineParser.dll
- Size
  
  43KB
- MD5
  
  9b5e37f89268ccce0e098222004093ad
- SHA1
  
  30b12174abda6a420b2cc152b5c682ff8f106c37
- SHA256
  
  fe068b6f15a5423f86558927dd22ec35070c041db9cde1ecade0590d93ca5285
- SHA512
  
  23e8cbaa6103f5a76729ee8470b5b208d67be22c9b9fa78340055ac8ded04dc6147c8c50cde96f7c10b111f81cab3e5504227ac5b8f1a616c1a1384c6350257f
- SSDEEP
  
  768:U74t6uOtRT8HuJ071hEdOgaaGoCbvfkGujm:Gc6uOtRa/71UO1onLS
Score

1^/10
behavioral17 behavioral18
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/GongSolutions.Wpf.DragDrop.dll
- Size
  
  66KB
- MD5
  
  21e4c0b33f44d13cdf91b4faf828c044
- SHA1
  
  13b8f124a0ad69b135da714d2cc656923ebd66e1
- SHA256
  
  508e1187d1a42cf9d7a2d7eab9012fc1fd75a24b6d94d9fa636d81dc38c4fcbb
- SHA512
  
  f96c12db8626850fd6ec243f68f8c6e7834e53effa8afa2365d136531d3b4008546cf9921dd5118a1f3dad176f34fad4aca03d3cfb617875c63316350693ae25
- SSDEEP
  
  1536:v09/965EKFbiJADfIUqW6C/hZWWlM1BLwt1z9Sbinb:vW9zoIA0LYZWLTLwt1Ibib
Score

1^/10
behavioral19 behavioral20
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/ICSharpCode.AvalonEdit.dll
- Size
  
  592KB
- MD5
  
  d7467d0156f22feb4b22cc5f74d7bd60
- SHA1
  
  bcc1d959786ba4253491b67d448f97cf5ad709ed
- SHA256
  
  2bf6079c143f177d954731db2ffde515bee8fbd6261e0d338ba8e7c8df1ab658
- SHA512
  
  f13092a4154524226900c8f3089ef776932cae601cb21cc10af1111014aef97a1183a2344da3f5b8f5b9fbe8b4b420412d79b71e97a1b4ed2ec384b502ba1c28
- SSDEEP
  
  6144:64Gybj4PJqJZD0JOi0Av5+ENJzHLeDjN3kNHjoJAo7gOfwlflvuSn:6i4PwJZ1szeDjKRWwl5
Score

1^/10
behavioral21 behavioral22
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral23 behavioral24
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Lidgren.Network.dll
- Size
  
  117KB
- MD5
  
  a6fdc03e2cbdfa9d393512606097a1ff
- SHA1
  
  c63933c082d282a284250deceb51d0d300647fe7
- SHA256
  
  bf9948c27bd2947a42ea51ccc63b93f2b9030bd117393e1d7637a5770b9b0776
- SHA512
  
  2ec59fd17cd34741ab8d0ef0d8ef3533ef38b03e98d65bb1a19940349b16e47142b0d407946cb05bfc63d7859c1472c0906a72be0e1dcee0c170b80270ad6ca2
- SSDEEP
  
  3072:vmwfq+PlFS1gh72NkCM9eu3JcCDMFfXZkHhKQ6u80y8/ko1r8ApI9G:uaVh7CTu3iI/NJe
Score

1^/10
behavioral25 behavioral26
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/MahApps.Metro.IconPacks.Material.dll
- Size
  
  1.1MB
- MD5
  
  d8e627aadfb6dfed292be0672faa9f15
- SHA1
  
  2a7f51711bffd75ecb2d7ff2f510c89eecd16366
- SHA256
  
  97f4ca8c89ee13b8c249ca6f929d067ba3e87be07b4afa372fdc0a7e9e6e78e1
- SHA512
  
  d5139830d367a29e76ca260d9b17955cff80f1779c157551642f7e13d9abd265335ba0bbda433e8898042d482f29d79c48683fede4b8af746b69a7dfcd02098c
- SSDEEP
  
  6144:z40kYmQYwygR8Vi3vTZ20kuCcrY5eakqF09HfnmnygreJrextoqQpddv0dxHde:MpYm
Score

1^/10
behavioral27 behavioral28
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/MahApps.Metro.dll
- Size
  
  1020KB
- MD5
  
  63a79e31b7bc52bb9aec3a747cbb63fe
- SHA1
  
  dc62080001c75242dee8686b6d8078efcb37e2a7
- SHA256
  
  fb5fae42fcc19f3fe3ed2d9b1fdf0594a4c442148b58ac4d2a9dafdda847e673
- SHA512
  
  3af468554238df0807e25446fe028e9de381d3b0086edd8d9ff1aab52bb8986a9dddb5618d2a4f6d1aa6011187bcda4cd1858bf72d4a8bdf253c350bd0292b32
- SSDEEP
  
  24576:67VgpmKf/Yuhd57OytB4052NWxV/5Tk1:y+DB40RxV/O1
Score

1^/10
behavioral29 behavioral30
- Target
  
  Orcus 1.9.1 Anti-Takedown/Modded Client/libraries/Microsoft.Threading.Tasks.dll
- Size
  
  36KB
- MD5
  
  d01819bfe03222dfa9e35a36555b6b6c
- SHA1
  
  25f8069590b14724f28e6a04b8a42e4ef4a8562d
- SHA256
  
  5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94
- SHA512
  
  e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477
- SSDEEP
  
  384:AjCan21RTf1FuPIgbSVHfiWvoVZHL+8SChE+QNEv4USWyWcWZ1q//0GftpBjfuHk:A+e21RTrgbSpfihdvF4eg8iUHWTmlr+
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32