Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Orcus.Admi...on.exe

windows7-x64

3

Orcus.Admi...on.exe

windows10-2004-x64

10

libraries/...er.dll

windows7-x64

1

libraries/...er.dll

windows10-2004-x64

1

libraries/...ds.dll

windows7-x64

1

libraries/...ds.dll

windows10-2004-x64

1

libraries/...re.dll

windows7-x64

1

libraries/...re.dll

windows10-2004-x64

1

libraries/...er.dll

windows7-x64

1

libraries/...er.dll

windows10-2004-x64

1

libraries/...ns.dll

windows7-x64

1

libraries/...ns.dll

windows10-2004-x64

1

libraries/...es.dll

windows7-x64

1

libraries/...es.dll

windows10-2004-x64

1

libraries/...ls.dll

windows7-x64

1

libraries/...ls.dll

windows10-2004-x64

1

libraries/...ns.dll

windows7-x64

1

libraries/...ns.dll

windows10-2004-x64

1

libraries/...es.dll

windows7-x64

1

libraries/...es.dll

windows10-2004-x64

1

libraries/...ed.dll

windows7-x64

1

libraries/...ed.dll

windows10-2004-x64

1

libraries/...ds.dll

windows7-x64

1

libraries/...ds.dll

windows10-2004-x64

1

libraries/...pf.dll

windows7-x64

1

libraries/...pf.dll

windows10-2004-x64

1

libraries/OxyPlot.dll

windows7-x64

1

libraries/OxyPlot.dll

windows10-2004-x64

1

libraries/...GI.dll

windows7-x64

1

libraries/...GI.dll

windows10-2004-x64

1

libraries/...11.dll

windows7-x64

1

libraries/...11.dll

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Client.zip

  • Size

    21.3MB

  • Sample

    241119-3jv8bsvflh

  • MD5

    c22e84299656f30bfe1151ddd8cb4099

  • SHA1

    dc5765813f2c59caa935c52022e01a618bb6d9d7

  • SHA256

    dd2b03dfe0e44f341463bcbde9db6967fba87d3797dfc950ab6610f936b980ab

  • SHA512

    f6542edb098f782d90352dd5c9c208445195ef8c5e60753f0379086eb075c0f8ea73779d19d304ec72e02c0ce5e70850e827d33bcdda7e145ef122a06739f38f

  • SSDEEP

    393216:TWDw7SzkdHCoHjzcZ4qrnZRgrnO5rG+1pRDwV1esq+2JBVFegypedcTmO9kaDbk/:is7SCHxDoyqrnDgrO5VvRcV1g+PpBTmn

Score
10/10
orcusdiscoveryratspywarestealer

Malware Config

Targets

    • Target

      Orcus.Administration.exe

    • Size

      3.9MB

    • MD5

      d2ad90e1c4ca9ea13c31febb5424ad40

    • SHA1

      fe6742914356f7e2b29430ec3f46d2343dac07aa

    • SHA256

      ac5343d5eb944b51c8dee8adfb5975402199813230af90bb33c24f411c545b63

    • SHA512

      6a049d35af887bb96a08165a25d693f3e0dbf40a91c1e1c9db4df56a04a2171836197c10058232918e333a8021c8c0a3f01f014997147b2c62acee900fe6e357

    • SSDEEP

      49152:MO541QLPPV7Al40NVANW8cyTj/e1nsaLlZWneHAl4:MO1V7Al40NG48cyTC5LlZWneHAl4

    Score
    10/10
    discoveryorcusratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcus family

      orcus

    • Orcurs Rat Executable

    behavioral1behavioral2

    • Target

      libraries/OpusWrapper.dll

    • Size

      844KB

    • MD5

      f008ead479d72b81b946052e2a3d3268

    • SHA1

      e11afd8e1c44a53293dd9660e9e6725f6b989001

    • SHA256

      3b3a0ee42ba67e19a9e110e65bf9a91166cb7bb9415728f0e25e9be19bb2c7bb

    • SHA512

      7f53c2c5771d1a2e800698f75e9e49e5cd57a931e99d404f9d9f8646b79cbb37115a790d6dc2ddf5c02e06adf173aa09def090fd7cf2f64735eca09c1a47d3b3

    • SSDEEP

      12288:NvwskteKPwaLStzL8tkjzUwsksX7GSWYMl7oeQOSYIDbjclvQMrox:hIteKc58aQ7GSW9NHVOPjcl7r

    Score
    1/10
    behavioral3behavioral4

    • Target

      libraries/Orcus.Administration.Commands.dll

    • Size

      174KB

    • MD5

      55d21a9b5abe7100660c38f0d30f99e3

    • SHA1

      a261c71bec1ab45da16e274dbad61deeaef9764f

    • SHA256

      6461064dfc515b11792a035535110d58e35c22d8929c5efb29bb19416149bee4

    • SHA512

      21b17e26ee18e0fd847dfd2edf04d369f061532469b524fcc1f9a02de1792523800383a86675fc2e0d21b638314a591054c0cce823267601a357b2973a8329c2

    • SSDEEP

      1536:Q4Fz9hmCoWt6r9mMjMGmORg0B2uNoGTbRtf4sdQdYwU6By5M7A0y6/ml0FdeLQDh:UJmMjPB2uDTjAsdQal6A0uQDh

    Score
    1/10
    behavioral5behavioral6

    • Target

      libraries/Orcus.Administration.Core.dll

    • Size

      178KB

    • MD5

      b427339c5d50fcafaeef6e4428cccfcd

    • SHA1

      fc2a05468bc01bdff7fd31a586e8e1bba6172519

    • SHA256

      94c5402556567e23fc70aaf3737e5eabfc258fcdc4b2cbf6ba2286db69d43e7d

    • SHA512

      cea262387d241b4c87822fcedbbcfe26d912a65fab49046372b4a6960d6529a2eacb5bb201a2fbdea754a0c955d33b013f5d5e2c466f961a00b49619e989ba73

    • SSDEEP

      3072:J4SvS9AkY/LYr/AdWoqZ+PXa1OD/VbxNz2FcjGYAoJZ9trF7QCaQRqhydapvDIc:3q9oLY7AWZ+Pq4DFJyYASZ9trBQCawqu

    Score
    1/10
    behavioral7behavioral8

    • Target

      libraries/Orcus.Administration.FileExplorer.dll

    • Size

      108KB

    • MD5

      adfb15f7ff23404085c6d02982b7d99b

    • SHA1

      02a8ef3f63f5234f7ce2255eaa2f1a140424b43b

    • SHA256

      a4144e0d8eba9342aa3f3e1f1dbd8ac75bb9dae7158c94474403016988379285

    • SHA512

      b137341e9affdcca8cd56b8c67a7e33aa6e008ac106ad2d5926656e72a854cbdf52ecf75e340f7fdcc202f8327b451a17a5f9ee234c16f33a3ceb126a96e6edf

    • SSDEEP

      1536:Kr4M/N1tB/vs0ORWoQJ1zhDkTCtpHXT2uj2Oy3RwWSnB7JJ7llJ/7Zxn7FksolO:Kr4k3/SWd1ZkKhj2Yy3RKJb7Zxn7Fr1

    Score
    1/10
    behavioral10behavioral9

    • Target

      libraries/Orcus.Administration.Plugins.dll

    • Size

      36KB

    • MD5

      7c38013776bd26436033af86023b8385

    • SHA1

      d69594a65fd6d6e8579baaac909616e95628a42a

    • SHA256

      ac20526dcc5f410e9999e820238b0569858c47116dd2efe4ee14b9f9b9fb34ac

    • SHA512

      f36dcac92dbc07ee3223f54f0558a832a3da25e45aa812089df660b21fcfc95993b654c3e4be43cf877fac95f126b311cf4a97a5a7f7de07c9b7f6c5400a3200

    • SSDEEP

      768:wex7Uk+2OtxAbEX74rYqH5KC+t7qixpV:/Uz2OrEEL4Mq5Hz8V

    Score
    1/10
    behavioral11behavioral12

    • Target

      libraries/Orcus.Administration.Resources.dll

    • Size

      13.2MB

    • MD5

      e26d07d260ad0b02ef9eaa7c61a54130

    • SHA1

      793c225984bbeeed054d297af4f872b72c51b0d8

    • SHA256

      301edee7f8d3721afbdc7e82e46a3ef2d4385688ff5cf5811e3f77f6509a380a

    • SHA512

      d194145b47524d568b6bb23933cc0250053a78639e2121b85d26adeabbfa70f208e9f3a967e919ff57ae0bd524b960e796819bb257a1a0b3ff9a98123ddea301

    • SSDEEP

      196608:vP9Tpu5khY8vNMnjeEeypS3JCM8pC3mfZ9864ebjeEEmfZ986wnTbjeEZ+fx:QB8vNgWyKJCPpC2fZ9UebTfZ9UTb

    Score
    1/10
    behavioral13behavioral14

    • Target

      libraries/Orcus.Administration.ViewModels.dll

    • Size

      514KB

    • MD5

      ed964c9e104121c772d1ffebffdb184e

    • SHA1

      b7353e663e672a7fb621c9944fdba0add6b1e39e

    • SHA256

      367be0e8982ff4102061f4b45f0bdfca373943159ad1732ce1df6d129d568593

    • SHA512

      33d1620ca8da70c0b3df5424419a258586d04663edd9d16de212c52973b226e6be79f5676f70d91eb3f2dd53ca80c822678f941feb850befbc98724802ee6f15

    • SSDEEP

      6144:ma5tpp69sfyxzJVBNhPxknqfDOV61j3NxH9f29H9xkJlAEcR8NK2Wu3GW6nKtxL:dtppZk3TPxZ24F+98GhRSWzuL

    Score
    1/10
    behavioral15behavioral16

    • Target

      libraries/Orcus.Plugins.dll

    • Size

      31KB

    • MD5

      2104cfafefb5159a15a23049782c5b29

    • SHA1

      c62e5ff315c3a714fad68aad640b254b460ae529

    • SHA256

      a39388bfda8a584685cc8ad8f4e5d4fa7daf60845a12c7961a08dfd0ff5c9b47

    • SHA512

      ea2a13b46c4ca4091df19e0e271c4c3ca39173251fc34824af5b349088e0ed6976df02de3647cd10ff61c609f66a99b12bc5e6e162374e07885e80153fcbf805

    • SSDEEP

      768:Cq9CzWIysjcU83CDYAmVimzl3+vKu3cpxxl:A2T3kYJNzl3AKu3cpxxl

    Score
    1/10
    behavioral17behavioral18

    • Target

      libraries/Orcus.Shared.Utilities.dll

    • Size

      48KB

    • MD5

      b528d74926c46d184e881ddaafd54dbb

    • SHA1

      d2e6201932a3c6d71a00ed790b96d3eed66ebb2f

    • SHA256

      1d3c6a599ea27446264148c5dcb65c9d5629f61d1ff547bed36ec51acca2a0c8

    • SHA512

      36f139818644fcfbd07e55d4e69e294402bf38b3c635a77eac3fdd5f60d5e6ddf483a96993a55916a88307b37d68c298dff0f06d45f83d969109eae0dea1b235

    • SSDEEP

      768:U53jZB3t3vAs+aOtI9LxzQqzKzge1STU+wpqH2KB929+9HkPnk+54ezZx8A8W+hV:U57bPQ1bqH2GkPnVBvR+hudYD+hu/

    Score
    1/10
    behavioral19behavioral20

    • Target

      libraries/Orcus.Shared.dll

    • Size

      343KB

    • MD5

      c03907dceb7242716ad227ca98c5bdfb

    • SHA1

      65bceeed707c4955a853f4ae2664c92aaa7fff26

    • SHA256

      72c26547fbecc25f80e9d44b7ad692e64bb1c412017310547529124defb7fa8c

    • SHA512

      9936eb4cb5bd830e711731209ec8bbd48e5384f9308ab567d465306c228ccd749ef7c82c32845f2f8d71deb1350fdffe1269fcee32a1873b750f0e067d22c12c

    • SSDEEP

      6144:C8UuovXvYd1dPxUrg0hCwVgFVtQGfDNKJb8PyUblrtfm4Y:Cnuwepp0hCw8tQGfoJbg3blJe4Y

    Score
    1/10
    behavioral21behavioral22

    • Target

      libraries/Orcus.StaticCommands.dll

    • Size

      71KB

    • MD5

      3c905382e6e99cd1f922b78c1589a634

    • SHA1

      4194afa084e7db8d9fe7a063d28a67e9142dcad5

    • SHA256

      3c757f1c78f72400af3312606ea9523731c2bf33b293f10258c38bc470e84b0b

    • SHA512

      cb048df416debf38b8a0929f55db9e4ca16047687284e66eee9999032129c3e96eabd984596e9287b0e13435eb089962b5db3bc8747e1004d610c6a594aacfc1

    • SSDEEP

      1536:SWbzab+6x4Fip9bm5tNvIipLN1TcSUQ3r:tDFip9b6NgipR1TcSUQ7

    Score
    1/10
    behavioral23behavioral24

    • Target

      libraries/OxyPlot.Wpf.dll

    • Size

      157KB

    • MD5

      9f8b251f09a2c14c18b52be6359b3bf6

    • SHA1

      1a498d7467a05aac25bbb2333b0730375a8ba8db

    • SHA256

      212b0dcf8688c2a2092c7b605e973c98c5f67527832adad0aee459c79d182d2b

    • SHA512

      ab4efd8b56059870c4ae099e79782f3db7592f453d03ab1db6b6c2df52bbf2c4d04e2f0d2eb81604582bcbac433e700ea1345c9181455f8378db512bfa489bd6

    • SSDEEP

      3072:zO0czhby1/BLnIIUuAiF0onk8i8YXY5wdf9ZU5JZ55UxN4++E5D/FNcPyy7GK:Ce1/BDpUu7F0okmYXY5wdf9ZU5JZ55Ua

    Score
    1/10
    behavioral25behavioral26

    • Target

      libraries/OxyPlot.dll

    • Size

      536KB

    • MD5

      b5c0f9ea6d4d4c44172dc9d8770edd30

    • SHA1

      6f7c1a7175e3ebd1800fc6ced7fd03486434cb9e

    • SHA256

      bcad0cfecc043843008b4af27d74e4cf46638a06e5d9d8a7b09ffab6e5829a98

    • SHA512

      83d199cc7cf1e4cd7167a6b11a045ce04d20b0f582008cde5344278651c5311dcb05a873dfd324c9601c13a0c2babd02f2f290df83445eb96ce869052083bc64

    • SSDEEP

      12288:SChVpNEAvA+FNFjnYSebof/sT8iG4shCbCgNP:SChVpNr2Sebof/s/G4eMCgN

    Score
    1/10
    behavioral27behavioral28

    • Target

      libraries/SharpDX.DXGI.dll

    • Size

      125KB

    • MD5

      2b44c70c49b70d797fbb748158b5d9bb

    • SHA1

      93e00e6527e461c45c7868d14cf05c007e478081

    • SHA256

      3762d43c83af69cd38c9341a927ca6bd00f6bae8217c874d693047d6df4705bf

    • SHA512

      faced62f6ecbfa2ee0d7a47e300302d23030d1f28758cbe9c442e9d8d4f8359c59088aa6237a28103e43d248c8efc7eeaf2c184028701b752df6cce92d6854d0

    • SSDEEP

      1536:taSL4xpOaI0PXSgMkPXsHIrPQkrNCivO5Ib6VU3x8w85SMxcnqNojG5JW/UlibAs:taSLYpfI0fTtP8HIbQkreK

    Score
    1/10
    behavioral29behavioral30

    • Target

      libraries/SharpDX.Direct3D11.dll

    • Size

      271KB

    • MD5

      98eb5ba5871acdeaebf3a3b0f64be449

    • SHA1

      c965284f60ef789b00b10b3df60ee682b4497de3

    • SHA256

      d7617d926648849cbfef450b8f48e458ee52e2793fb2251a30094b778aa8848c

    • SHA512

      a60025e304713d333e4b82b2d0be28087950688b049c98d2db5910c00b8d45b92e16d25ac8a58ff1318de019de3a9a00c7cbf8a6ad4b5bb1cb175dafa1b9bea2

    • SSDEEP

      3072:6ccUvNf/AThDrcfiSDt0XN3ZDoyz91Sy0KwbwgG5OHDyGQsnHZ09K3vJqlQ1VcTS:zRfi+SmNgOHDyGQsucvJqW6Ts4dDjJZ

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

orcus
Score
10/10

behavioral1

discovery
Score
3/10

behavioral2

orcusdiscoveryratspywarestealer
Score
10/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.