orcus | 481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374 | Triage

Submit
Reports

Overview

overview

Static

static

123123123qw3qew.exe

windows11-21h2-x64

Sharing

General

Target

123123123qw3qew.exe
Size

903KB
Sample

240921-bwm9psyere
MD5

ac40df4b922b8476be86ce4f3b4576d1
SHA1

b7b4ba3424288ae52178b0190574b252a7f9cdbe
SHA256

481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374
SHA512

579e71de8c28d0eebcb7324e298d110837f9d41423a77576fef21ee4044fe584c280b4c82a9c3da083885404b0148cc81b15d0b2f0b16bcc23407c91ee9966ab
SSDEEP

12288:hTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBu:xqI4MROxnFMLqrZlI0AilFEvxHi9B

Score

10^/10

orcus discovery rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

123123123qw3qew.exe

Resource

win11-20240802-en

orcus discovery rat spyware stealer

windows11-21h2-x64

22 signatures

600 seconds

Malware Config

Extracted

Family

orcus

C2

act-predictions.gl.at.ply.gg:53002

Mutex

ccda6c301bcc4bffbcfcf707e51e3319

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  123123123qw3qew.exe
- Size
  
  903KB
- MD5
  
  ac40df4b922b8476be86ce4f3b4576d1
- SHA1
  
  b7b4ba3424288ae52178b0190574b252a7f9cdbe
- SHA256
  
  481449cf6fc783f0ec2057882640f1952ceaf8c34ddcd26ed76d20654cb30374
- SHA512
  
  579e71de8c28d0eebcb7324e298d110837f9d41423a77576fef21ee4044fe584c280b4c82a9c3da083885404b0148cc81b15d0b2f0b16bcc23407c91ee9966ab
- SSDEEP
  
  12288:hTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBu:xqI4MROxnFMLqrZlI0AilFEvxHi9B
Score

10^/10

orcus discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus main payload
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcusdiscoveryratspywarestealer

© 2018-2024

Terms | Privacy