dd2b03dfe0e44f341463bcbde9db6967fba87d3797dfc950ab6610f936b980ab | Triage

Submit
Reports

Overview

overview

Static

static

Orcus.Admi...on.exe

windows7-x64

3

Orcus.Admi...on.exe

windows10-2004-x64

libraries/...er.dll

windows7-x64

1

libraries/...er.dll

windows10-2004-x64

1

libraries/...ds.dll

windows7-x64

1

libraries/...ds.dll

windows10-2004-x64

1

libraries/...re.dll

windows7-x64

1

libraries/...re.dll

windows10-2004-x64

1

libraries/...er.dll

windows7-x64

1

libraries/...er.dll

windows10-2004-x64

1

libraries/...ns.dll

windows7-x64

1

libraries/...ns.dll

windows10-2004-x64

1

libraries/...es.dll

windows7-x64

1

libraries/...es.dll

windows10-2004-x64

1

libraries/...ls.dll

windows7-x64

1

libraries/...ls.dll

windows10-2004-x64

1

libraries/...ns.dll

windows7-x64

1

libraries/...ns.dll

windows10-2004-x64

1

libraries/...es.dll

windows7-x64

1

libraries/...es.dll

windows10-2004-x64

1

libraries/...ed.dll

windows7-x64

1

libraries/...ed.dll

windows10-2004-x64

1

libraries/...ds.dll

windows7-x64

1

libraries/...ds.dll

windows10-2004-x64

1

libraries/...pf.dll

windows7-x64

1

libraries/...pf.dll

windows10-2004-x64

1

libraries/OxyPlot.dll

windows7-x64

1

libraries/OxyPlot.dll

windows10-2004-x64

1

libraries/...GI.dll

windows7-x64

1

libraries/...GI.dll

windows10-2004-x64

1

libraries/...11.dll

windows7-x64

1

libraries/...11.dll

windows10-2004-x64

1

Analysis

max time kernel
92s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2024 23:33

Sharing

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Orcus.Administration.exe

Resource

win7-20240903-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Orcus.Administration.exe

Resource

win10v2004-20241007-en

orcus discovery rat spyware stealer

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

libraries/OpusWrapper.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

libraries/OpusWrapper.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

libraries/Orcus.Administration.Commands.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

libraries/Orcus.Administration.Commands.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

libraries/Orcus.Administration.Core.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

libraries/Orcus.Administration.Core.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

libraries/Orcus.Administration.FileExplorer.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

libraries/Orcus.Administration.FileExplorer.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

libraries/Orcus.Administration.Plugins.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

libraries/Orcus.Administration.Plugins.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

libraries/Orcus.Administration.Resources.dll

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

libraries/Orcus.Administration.Resources.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

libraries/Orcus.Administration.ViewModels.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

libraries/Orcus.Administration.ViewModels.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

libraries/Orcus.Plugins.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

libraries/Orcus.Plugins.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

libraries/Orcus.Shared.Utilities.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

libraries/Orcus.Shared.Utilities.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

libraries/Orcus.Shared.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

libraries/Orcus.Shared.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

libraries/Orcus.StaticCommands.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

libraries/Orcus.StaticCommands.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

libraries/OxyPlot.Wpf.dll

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

libraries/OxyPlot.Wpf.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

libraries/OxyPlot.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

libraries/OxyPlot.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

libraries/SharpDX.DXGI.dll

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

libraries/SharpDX.DXGI.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

libraries/SharpDX.Direct3D11.dll

Resource

win7-20241023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

libraries/SharpDX.Direct3D11.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Report Analysis Logs

General

Target

libraries/OxyPlot.Wpf.dll
Size

157KB
MD5

9f8b251f09a2c14c18b52be6359b3bf6
SHA1

1a498d7467a05aac25bbb2333b0730375a8ba8db
SHA256

212b0dcf8688c2a2092c7b605e973c98c5f67527832adad0aee459c79d182d2b
SHA512

ab4efd8b56059870c4ae099e79782f3db7592f453d03ab1db6b6c2df52bbf2c4d04e2f0d2eb81604582bcbac433e700ea1345c9181455f8378db512bfa489bd6
SSDEEP

3072:zO0czhby1/BLnIIUuAiF0onk8i8YXY5wdf9ZU5JZ55UxN4++E5D/FNcPyy7GK:Ce1/BDpUu7F0okmYXY5wdf9ZU5JZ55Ua

Score

1^/10

Malware Config

Signatures

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libraries\OxyPlot.Wpf.dll,#1
1⤵
PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy