orcus | 4a5b24522b79e54b2c901946eb492dac5bf83631681a2d99b1f6b303268e0580 | Triage

Submit
Reports

Overview

overview

Static

static

snos.exe

windows7-x64

Resubmissions

03/10/2024, 21:19 UTC

241003-z6m9fsxcjn 10

03/10/2024, 21:14 UTC

241003-z3g82azhmb 10

03/10/2024, 21:10 UTC

241003-z1h3jszglg 10

03/10/2024, 21:03 UTC

241003-zv1emszeje 10

Sharing

General

Target

snos.exe
Size

916KB
Sample

241003-z1h3jszglg
MD5

defc2abbed64bb0a53c7b9fa04d9d114
SHA1

926cbb5e1d9ea1249aa034afa5d0e510322b5ee6
SHA256

4a5b24522b79e54b2c901946eb492dac5bf83631681a2d99b1f6b303268e0580
SHA512

00084691a0ae0c52aac630a1fca9bca0fb245ad4597c99b12016119ce289500002c6b23e47bfcd2bc220c26068615c972b8e5551b0b3dd721fd06c6387e0d842
SSDEEP

24576:NVWC4MROxnFD3krXYf1rrcI0AilFEvxHPdmoo6:NqMiJtrrcI0AilFEvxHP

Score

10^/10

orcus discovery rat spyware stealer

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

snos.exe

Resource

win7-20240704-en

orcus discovery rat spyware stealer

windows7-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

orcus

C2

45.200.148.205:10134

Mutex

2857e61aa1024db89df5be17078af5ab

Attributes

autostart_method
TaskScheduler
enable_keylogger
false
install_path
%programfiles%\sistemwinhost\winhost1235.exe
reconnect_delay
10000
registry_keyname
registry
taskscheduler_taskname
registre
watchdog_path
AppData\Servicemanagaer.exe

Targets

- Target
  
  snos.exe
- Size
  
  916KB
- MD5
  
  defc2abbed64bb0a53c7b9fa04d9d114
- SHA1
  
  926cbb5e1d9ea1249aa034afa5d0e510322b5ee6
- SHA256
  
  4a5b24522b79e54b2c901946eb492dac5bf83631681a2d99b1f6b303268e0580
- SHA512
  
  00084691a0ae0c52aac630a1fca9bca0fb245ad4597c99b12016119ce289500002c6b23e47bfcd2bc220c26068615c972b8e5551b0b3dd721fd06c6387e0d842
- SSDEEP
  
  24576:NVWC4MROxnFD3krXYf1rrcI0AilFEvxHPdmoo6:NqMiJtrrcI0AilFEvxHP
Score

10^/10

orcus discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus main payload
- Orcurs Rat Executable
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcusdiscoveryratspywarestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.