orcus

Sharing

Copy URL

Twitter E-mail

General

Target

Client.zip
Size

21.3MB
Sample

241119-3jv8bsvflh
MD5

c22e84299656f30bfe1151ddd8cb4099
SHA1

dc5765813f2c59caa935c52022e01a618bb6d9d7
SHA256

dd2b03dfe0e44f341463bcbde9db6967fba87d3797dfc950ab6610f936b980ab
SHA512

f6542edb098f782d90352dd5c9c208445195ef8c5e60753f0379086eb075c0f8ea73779d19d304ec72e02c0ce5e70850e827d33bcdda7e145ef122a06739f38f
SSDEEP

393216:TWDw7SzkdHCoHjzcZ4qrnZRgrnO5rG+1pRDwV1esq+2JBVFegypedcTmO9kaDbk/:is7SCHxDoyqrnDgrO5VvRcV1g+PpBTmn

Score

10^/10

Malware Config

Targets

- Target
  
  Orcus.Administration.exe
- Size
  
  3.9MB
- MD5
  
  d2ad90e1c4ca9ea13c31febb5424ad40
- SHA1
  
  fe6742914356f7e2b29430ec3f46d2343dac07aa
- SHA256
  
  ac5343d5eb944b51c8dee8adfb5975402199813230af90bb33c24f411c545b63
- SHA512
  
  6a049d35af887bb96a08165a25d693f3e0dbf40a91c1e1c9db4df56a04a2171836197c10058232918e333a8021c8c0a3f01f014997147b2c62acee900fe6e357
- SSDEEP
  
  49152:MO541QLPPV7Al40NVANW8cyTj/e1nsaLlZWneHAl4:MO1V7Al40NG48cyTC5LlZWneHAl4
Score

10^/10

discovery orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus family
  orcus
- Orcurs Rat Executable
behavioral1 behavioral2
- Target
  
  libraries/OpusWrapper.dll
- Size
  
  844KB
- MD5
  
  f008ead479d72b81b946052e2a3d3268
- SHA1
  
  e11afd8e1c44a53293dd9660e9e6725f6b989001
- SHA256
  
  3b3a0ee42ba67e19a9e110e65bf9a91166cb7bb9415728f0e25e9be19bb2c7bb
- SHA512
  
  7f53c2c5771d1a2e800698f75e9e49e5cd57a931e99d404f9d9f8646b79cbb37115a790d6dc2ddf5c02e06adf173aa09def090fd7cf2f64735eca09c1a47d3b3
- SSDEEP
  
  12288:NvwskteKPwaLStzL8tkjzUwsksX7GSWYMl7oeQOSYIDbjclvQMrox:hIteKc58aQ7GSW9NHVOPjcl7r
Score

1^/10
behavioral3 behavioral4
- Target
  
  libraries/Orcus.Administration.Commands.dll
- Size
  
  174KB
- MD5
  
  55d21a9b5abe7100660c38f0d30f99e3
- SHA1
  
  a261c71bec1ab45da16e274dbad61deeaef9764f
- SHA256
  
  6461064dfc515b11792a035535110d58e35c22d8929c5efb29bb19416149bee4
- SHA512
  
  21b17e26ee18e0fd847dfd2edf04d369f061532469b524fcc1f9a02de1792523800383a86675fc2e0d21b638314a591054c0cce823267601a357b2973a8329c2
- SSDEEP
  
  1536:Q4Fz9hmCoWt6r9mMjMGmORg0B2uNoGTbRtf4sdQdYwU6By5M7A0y6/ml0FdeLQDh:UJmMjPB2uDTjAsdQal6A0uQDh
Score

1^/10
behavioral5 behavioral6
- Target
  
  libraries/Orcus.Administration.Core.dll
- Size
  
  178KB
- MD5
  
  b427339c5d50fcafaeef6e4428cccfcd
- SHA1
  
  fc2a05468bc01bdff7fd31a586e8e1bba6172519
- SHA256
  
  94c5402556567e23fc70aaf3737e5eabfc258fcdc4b2cbf6ba2286db69d43e7d
- SHA512
  
  cea262387d241b4c87822fcedbbcfe26d912a65fab49046372b4a6960d6529a2eacb5bb201a2fbdea754a0c955d33b013f5d5e2c466f961a00b49619e989ba73
- SSDEEP
  
  3072:J4SvS9AkY/LYr/AdWoqZ+PXa1OD/VbxNz2FcjGYAoJZ9trF7QCaQRqhydapvDIc:3q9oLY7AWZ+Pq4DFJyYASZ9trBQCawqu
Score

1^/10
behavioral7 behavioral8
- Target
  
  libraries/Orcus.Administration.FileExplorer.dll
- Size
  
  108KB
- MD5
  
  adfb15f7ff23404085c6d02982b7d99b
- SHA1
  
  02a8ef3f63f5234f7ce2255eaa2f1a140424b43b
- SHA256
  
  a4144e0d8eba9342aa3f3e1f1dbd8ac75bb9dae7158c94474403016988379285
- SHA512
  
  b137341e9affdcca8cd56b8c67a7e33aa6e008ac106ad2d5926656e72a854cbdf52ecf75e340f7fdcc202f8327b451a17a5f9ee234c16f33a3ceb126a96e6edf
- SSDEEP
  
  1536:Kr4M/N1tB/vs0ORWoQJ1zhDkTCtpHXT2uj2Oy3RwWSnB7JJ7llJ/7Zxn7FksolO:Kr4k3/SWd1ZkKhj2Yy3RKJb7Zxn7Fr1
Score

1^/10
behavioral10 behavioral9
- Target
  
  libraries/Orcus.Administration.Plugins.dll
- Size
  
  36KB
- MD5
  
  7c38013776bd26436033af86023b8385
- SHA1
  
  d69594a65fd6d6e8579baaac909616e95628a42a
- SHA256
  
  ac20526dcc5f410e9999e820238b0569858c47116dd2efe4ee14b9f9b9fb34ac
- SHA512
  
  f36dcac92dbc07ee3223f54f0558a832a3da25e45aa812089df660b21fcfc95993b654c3e4be43cf877fac95f126b311cf4a97a5a7f7de07c9b7f6c5400a3200
- SSDEEP
  
  768:wex7Uk+2OtxAbEX74rYqH5KC+t7qixpV:/Uz2OrEEL4Mq5Hz8V
Score

1^/10
behavioral11 behavioral12
- Target
  
  libraries/Orcus.Administration.Resources.dll
- Size
  
  13.2MB
- MD5
  
  e26d07d260ad0b02ef9eaa7c61a54130
- SHA1
  
  793c225984bbeeed054d297af4f872b72c51b0d8
- SHA256
  
  301edee7f8d3721afbdc7e82e46a3ef2d4385688ff5cf5811e3f77f6509a380a
- SHA512
  
  d194145b47524d568b6bb23933cc0250053a78639e2121b85d26adeabbfa70f208e9f3a967e919ff57ae0bd524b960e796819bb257a1a0b3ff9a98123ddea301
- SSDEEP
  
  196608:vP9Tpu5khY8vNMnjeEeypS3JCM8pC3mfZ9864ebjeEEmfZ986wnTbjeEZ+fx:QB8vNgWyKJCPpC2fZ9UebTfZ9UTb
Score

1^/10
behavioral13 behavioral14
- Target
  
  libraries/Orcus.Administration.ViewModels.dll
- Size
  
  514KB
- MD5
  
  ed964c9e104121c772d1ffebffdb184e
- SHA1
  
  b7353e663e672a7fb621c9944fdba0add6b1e39e
- SHA256
  
  367be0e8982ff4102061f4b45f0bdfca373943159ad1732ce1df6d129d568593
- SHA512
  
  33d1620ca8da70c0b3df5424419a258586d04663edd9d16de212c52973b226e6be79f5676f70d91eb3f2dd53ca80c822678f941feb850befbc98724802ee6f15
- SSDEEP
  
  6144:ma5tpp69sfyxzJVBNhPxknqfDOV61j3NxH9f29H9xkJlAEcR8NK2Wu3GW6nKtxL:dtppZk3TPxZ24F+98GhRSWzuL
Score

1^/10
behavioral15 behavioral16
- Target
  
  libraries/Orcus.Plugins.dll
- Size
  
  31KB
- MD5
  
  2104cfafefb5159a15a23049782c5b29
- SHA1
  
  c62e5ff315c3a714fad68aad640b254b460ae529
- SHA256
  
  a39388bfda8a584685cc8ad8f4e5d4fa7daf60845a12c7961a08dfd0ff5c9b47
- SHA512
  
  ea2a13b46c4ca4091df19e0e271c4c3ca39173251fc34824af5b349088e0ed6976df02de3647cd10ff61c609f66a99b12bc5e6e162374e07885e80153fcbf805
- SSDEEP
  
  768:Cq9CzWIysjcU83CDYAmVimzl3+vKu3cpxxl:A2T3kYJNzl3AKu3cpxxl
Score

1^/10
behavioral17 behavioral18
- Target
  
  libraries/Orcus.Shared.Utilities.dll
- Size
  
  48KB
- MD5
  
  b528d74926c46d184e881ddaafd54dbb
- SHA1
  
  d2e6201932a3c6d71a00ed790b96d3eed66ebb2f
- SHA256
  
  1d3c6a599ea27446264148c5dcb65c9d5629f61d1ff547bed36ec51acca2a0c8
- SHA512
  
  36f139818644fcfbd07e55d4e69e294402bf38b3c635a77eac3fdd5f60d5e6ddf483a96993a55916a88307b37d68c298dff0f06d45f83d969109eae0dea1b235
- SSDEEP
  
  768:U53jZB3t3vAs+aOtI9LxzQqzKzge1STU+wpqH2KB929+9HkPnk+54ezZx8A8W+hV:U57bPQ1bqH2GkPnVBvR+hudYD+hu/
Score

1^/10
behavioral19 behavioral20
- Target
  
  libraries/Orcus.Shared.dll
- Size
  
  343KB
- MD5
  
  c03907dceb7242716ad227ca98c5bdfb
- SHA1
  
  65bceeed707c4955a853f4ae2664c92aaa7fff26
- SHA256
  
  72c26547fbecc25f80e9d44b7ad692e64bb1c412017310547529124defb7fa8c
- SHA512
  
  9936eb4cb5bd830e711731209ec8bbd48e5384f9308ab567d465306c228ccd749ef7c82c32845f2f8d71deb1350fdffe1269fcee32a1873b750f0e067d22c12c
- SSDEEP
  
  6144:C8UuovXvYd1dPxUrg0hCwVgFVtQGfDNKJb8PyUblrtfm4Y:Cnuwepp0hCw8tQGfoJbg3blJe4Y
Score

1^/10
behavioral21 behavioral22
- Target
  
  libraries/Orcus.StaticCommands.dll
- Size
  
  71KB
- MD5
  
  3c905382e6e99cd1f922b78c1589a634
- SHA1
  
  4194afa084e7db8d9fe7a063d28a67e9142dcad5
- SHA256
  
  3c757f1c78f72400af3312606ea9523731c2bf33b293f10258c38bc470e84b0b
- SHA512
  
  cb048df416debf38b8a0929f55db9e4ca16047687284e66eee9999032129c3e96eabd984596e9287b0e13435eb089962b5db3bc8747e1004d610c6a594aacfc1
- SSDEEP
  
  1536:SWbzab+6x4Fip9bm5tNvIipLN1TcSUQ3r:tDFip9b6NgipR1TcSUQ7
Score

1^/10
behavioral23 behavioral24
- Target
  
  libraries/OxyPlot.Wpf.dll
- Size
  
  157KB
- MD5
  
  9f8b251f09a2c14c18b52be6359b3bf6
- SHA1
  
  1a498d7467a05aac25bbb2333b0730375a8ba8db
- SHA256
  
  212b0dcf8688c2a2092c7b605e973c98c5f67527832adad0aee459c79d182d2b
- SHA512
  
  ab4efd8b56059870c4ae099e79782f3db7592f453d03ab1db6b6c2df52bbf2c4d04e2f0d2eb81604582bcbac433e700ea1345c9181455f8378db512bfa489bd6
- SSDEEP
  
  3072:zO0czhby1/BLnIIUuAiF0onk8i8YXY5wdf9ZU5JZ55UxN4++E5D/FNcPyy7GK:Ce1/BDpUu7F0okmYXY5wdf9ZU5JZ55Ua
Score

1^/10
behavioral25 behavioral26
- Target
  
  libraries/OxyPlot.dll
- Size
  
  536KB
- MD5
  
  b5c0f9ea6d4d4c44172dc9d8770edd30
- SHA1
  
  6f7c1a7175e3ebd1800fc6ced7fd03486434cb9e
- SHA256
  
  bcad0cfecc043843008b4af27d74e4cf46638a06e5d9d8a7b09ffab6e5829a98
- SHA512
  
  83d199cc7cf1e4cd7167a6b11a045ce04d20b0f582008cde5344278651c5311dcb05a873dfd324c9601c13a0c2babd02f2f290df83445eb96ce869052083bc64
- SSDEEP
  
  12288:SChVpNEAvA+FNFjnYSebof/sT8iG4shCbCgNP:SChVpNr2Sebof/s/G4eMCgN
Score

1^/10
behavioral27 behavioral28
- Target
  
  libraries/SharpDX.DXGI.dll
- Size
  
  125KB
- MD5
  
  2b44c70c49b70d797fbb748158b5d9bb
- SHA1
  
  93e00e6527e461c45c7868d14cf05c007e478081
- SHA256
  
  3762d43c83af69cd38c9341a927ca6bd00f6bae8217c874d693047d6df4705bf
- SHA512
  
  faced62f6ecbfa2ee0d7a47e300302d23030d1f28758cbe9c442e9d8d4f8359c59088aa6237a28103e43d248c8efc7eeaf2c184028701b752df6cce92d6854d0
- SSDEEP
  
  1536:taSL4xpOaI0PXSgMkPXsHIrPQkrNCivO5Ib6VU3x8w85SMxcnqNojG5JW/UlibAs:taSLYpfI0fTtP8HIbQkreK
Score

1^/10
behavioral29 behavioral30
- Target
  
  libraries/SharpDX.Direct3D11.dll
- Size
  
  271KB
- MD5
  
  98eb5ba5871acdeaebf3a3b0f64be449
- SHA1
  
  c965284f60ef789b00b10b3df60ee682b4497de3
- SHA256
  
  d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c
- SHA512
  
  a60025e304713d333e4b82b2d0be28087950688b049c98d2db5910c00b8d45b92e16d25ac8a58ff1318de019de3a9a00c7cbf8a6ad4b5bb1cb175dafa1b9bea2
- SSDEEP
  
  3072:6ccUvNf/AThDrcfiSDt0XN3ZDoyz91Sy0KwbwgG5OHDyGQsnHZ09K3vJqlQ1VcTS:zRfi+SmNgOHDyGQsucvJqW6Ts4dDjJZ
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Orcus family

Orcurs Rat Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32