orcus | a99c1ef96af87ba6b9ed1c8dbefcd2f7ea1c46bf909058cc776a366239e76de0

Sharing

Copy URL

Twitter E-mail

General

Target

Orcus-1.9.1-Source-Code-Compiled-main.zip
Size

23.9MB
Sample

241119-wxqrfazjaz
MD5

bfb74805ac602633622bbf9f74c6e667
SHA1

55d57e1c2442bf90ed6316bd977adb8dfb274fb2
SHA256

a99c1ef96af87ba6b9ed1c8dbefcd2f7ea1c46bf909058cc776a366239e76de0
SHA512

47b873494cbdc75988dba3b1bf13c515e1607b0e008ea3249a37cc8dee70332670b79cd3732726fc43a1b19515ce0cbd4a5fe28f16891a2515767c495a2bc2a9
SSDEEP

393216:dpqfQi6Le2QJhWCqaIzgedGnvGKn9N/sjdAO2M0/ZPUkePjTTuNK2PiJMrxZ4epk:ufQ5LpAQsIzge4nH9N0jdiMhjONK2PiT

Score

10^/10

orcus discovery

Malware Config

Targets

- Target
  
  Orcus.Administration.exe
- Size
  
  3.9MB
- MD5
  
  d2ad90e1c4ca9ea13c31febb5424ad40
- SHA1
  
  fe6742914356f7e2b29430ec3f46d2343dac07aa
- SHA256
  
  ac5343d5eb944b51c8dee8adfb5975402199813230af90bb33c24f411c545b63
- SHA512
  
  6a049d35af887bb96a08165a25d693f3e0dbf40a91c1e1c9db4df56a04a2171836197c10058232918e333a8021c8c0a3f01f014997147b2c62acee900fe6e357
- SSDEEP
  
  49152:MO541QLPPV7Al40NVANW8cyTj/e1nsaLlZWneHAl4:MO1V7Al40NG48cyTC5LlZWneHAl4
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  libraries/AForge.Video.DirectShow.dll
- Size
  
  60KB
- MD5
  
  17ed442e8485ac3f7dc5b3c089654a61
- SHA1
  
  d3a17c1fdd6d54951141053f88bf8238dea0b937
- SHA256
  
  666d44798d94eafa1ed21af79e9bc0293ffd96f863ab5d87f78bcee9ef9ffd6b
- SHA512
  
  9118bf11760354e9971ae8b27f7f6a405e46145b39ca6e6b413cb2e729e51304b895965e9140f66c9e3ef7caa4f344762bf059688b23dd32e4c2df271394fea2
- SSDEEP
  
  1536:XwumrikcyTpOKVi+Dqp6viPUCcvKWz3NTpAK+7KI4v8U:6dOKViKa6pOWbhpAKyKIVU
Score

1^/10
behavioral3 behavioral4
- Target
  
  libraries/AForge.Video.dll
- Size
  
  20KB
- MD5
  
  0bd34aa29c7ea4181900797395a6da78
- SHA1
  
  ddffdcef29daddc36ca7d8ae2c8e01c1c8bb23a8
- SHA256
  
  bafa6ed04ca2782270074127a0498dde022c2a9f4096c6bb2b8e3c08bb3d404d
- SHA512
  
  a3734660c0aba1c2b27ab55f9e578371b56c82754a3b7cfd01e68c88967c8dada8d202260220831f1d1039a5a35bd1a67624398e689702481ac056d1c1ddcdb0
- SSDEEP
  
  384:Wu9f/hWFwLX+WJ7gfZLTswhHDlOdKaCxkyf0l:HfpZL9uxE9Cxd8l
Score

1^/10
behavioral5 behavioral6
- Target
  
  libraries/Be.Windows.Forms.HexBox.dll
- Size
  
  84KB
- MD5
  
  1abb997d4e809b9d7f9016617dc01294
- SHA1
  
  b249037720e408128e6559d02a7a8772db6d4438
- SHA256
  
  4938a4dbb51fd8d35dfdf2c5d42e9a127b9365d495461864e6bb9ec7fc9a3cb7
- SHA512
  
  c943a9ad6cfde82fb3e30bffd96006b4524e3c9348da66fd461be44e8e093afbe58d9da121494d9e557b1fd052413e651e5d1c549f8508e5061640818d895b1a
- SSDEEP
  
  1536:vOo386x64hWu/19AQhZRxZJhn1fHJ1Y4eXrEBKsC5FfCf3vb7kn7kTXkF5Gj5qRQ:z38BEzAh5Cf/4t/0hoWp
Score

1^/10
behavioral7 behavioral8
- Target
  
  libraries/CSCore.dll
- Size
  
  519KB
- MD5
  
  94a312a6fcec0e78808bcea3d8ff67f5
- SHA1
  
  fe760487d13f9a6f5f359036561105d4aca88a1f
- SHA256
  
  e835139171eb0d63b6b4e02b0997cac040c02d295648a275d4c8d28b234c8e94
- SHA512
  
  ecdedeee1ee4e35e4fbd2dea3a4dd8b0805166a9610a63affbfb673f2644588eacecba6b3a5a0052c202ab14c321800997512abc318d36a50b00cc86dc83ec1c
- SSDEEP
  
  6144:qTOLDSWi9it6YQSJpAJNSgwB4dIiZsxFrRz0JfBT8hVNuNdrmh4K:oa2WR/YOBIORIJf84K
Score

1^/10
behavioral10 behavioral9
- Target
  
  libraries/ControlzEx.dll
- Size
  
  176KB
- MD5
  
  952ae691d9f17599a521b2d04aceeb46
- SHA1
  
  55e0fa225c6fac6f25b28fd67ef844283d96c9c0
- SHA256
  
  241cb77017dc48e7cfac4bfbd005abb66432b9f4bf8cfd4f819b628d90f97fe0
- SHA512
  
  53246224c9fd54ba6bd61f204aaa166b1431a4bde53b5b6ef48ccd7fc90ac3a9ddf5f5ad74deb730dcb315d03794ed416a5448550ceda175662a49ea0b5c3d02
- SSDEEP
  
  3072:FwkXm5RYe8R9HFif0ABkS9p+dFtp04M9Y8B3UVk7pq7F0E7:GYBL6p9pwFtppM9Y81Sk7pq7F0E
Score

1^/10
behavioral11 behavioral12
- Target
  
  libraries/DirectoryInfoEx.dll
- Size
  
  225KB
- MD5
  
  04dae4b15d70a29a6d8183652b689508
- SHA1
  
  762aab075cde29899189a8a3d6e28aa0823ce698
- SHA256
  
  7c780626bcdbddc10d873f6d2133058eab17b3506468d3e757bf7af7dbcdef02
- SHA512
  
  fea6b5130520a482dc37c08b1a618e6b69bc553c902722b1a212af459c0caddde543796979889a427727a80898237fd0208d628e4f76bc9f4d78f68f2e434744
- SSDEEP
  
  3072:TkwuCouJ5u1Q6LvV0rNSA3fu5txqVHRblFkh6l6QaPKZJGA1P2RroveF0gK:TkyLWRLt4V3sOVHqJQQZ4U0
Score

1^/10
behavioral13 behavioral14
- Target
  
  libraries/Exceptionless.Signed.dll
- Size
  
  734KB
- MD5
  
  4787a519cfd30d7a7687ee62de7d8a47
- SHA1
  
  9f9213692517aaa331ab0622e24b9458f483e95e
- SHA256
  
  57b7be985c0b4630b8ca581e978e88671ae5912d06807891edd1d10e552d3765
- SHA512
  
  c74f7f4396082ab6f245ac7fcc61161cbc5582464bc78b3cf42deb08f9e44304568f462753b5c25122bcac4f58e766594426f7ff044d14c7b17f24825d3109d0
- SSDEEP
  
  12288:SIKYlJjYbqxA6eWYHSpim8bVNVJIdUMhik5Kp5dBHLrVr4JOQ:l9a6erSpim8ZNVJI6x5dBHLrVr4JOQ
Score

1^/10
behavioral15 behavioral16
- Target
  
  libraries/Exceptionless.Wpf.Signed.dll
- Size
  
  26KB
- MD5
  
  1b3a319b40f7cf78253d79ce3b8c0d42
- SHA1
  
  23b6d076946967e4921f97e024ed68b72cbfbe3b
- SHA256
  
  60cc0b13a13be7b36f2e1637b4d8f7f64ccef198bb258b318fde9c2810ac2447
- SHA512
  
  48ab69135c9f8c54eaf2c7b561ebf475d2a61e5911bcdf469b777f3bdea3d04697805fe09de7f81d57466e0904d2b625c7a1fd35e07f574c70ac70a6d486faf2
- SSDEEP
  
  384:4foIgJjjnB13YuPwfkaNOAsL6L5vGLxrZfvTOtDTjzImcOFz/Ym1T9yQT0B0Am9B:4foZjjBJiLxkOtDbcsz/9NVGZBw7
Score

1^/10
behavioral17 behavioral18
- Target
  
  libraries/FluentCommandLineParser.dll
- Size
  
  43KB
- MD5
  
  d0220eb32a8a631ca29f55929c7046cb
- SHA1
  
  553ec4ecc90676c7bb1de9f75a6b1226f39677aa
- SHA256
  
  e6124423367a9ec411176e2714c16a041c1a8b3e1691845040b57b0d779bef14
- SHA512
  
  63c2d7ac019d511751c57153bde64c5c57819a74ffbd1a893ea980211185296f018bc09980537394bb33e92508b4e14d87da8a6fba2ca87b820b9276d07a3445
- SSDEEP
  
  768:/WDesbk1hc+zloHIC/+9LXPnnx+N8iRnFidzsREmm:eDejkc9LnAzaIRS
Score

1^/10
behavioral19 behavioral20
- Target
  
  libraries/GongSolutions.WPF.DragDrop.dll
- Size
  
  108KB
- MD5
  
  31c8b0fc79d9ec1b1cd4e57ce74c3560
- SHA1
  
  feb1663c85da937fa94d6ec0f1c1d96b3b1c0496
- SHA256
  
  abb63fdf8125a59096918778e4c1f9afdac3fe08b37c700895bfafdd8b63abfc
- SHA512
  
  b8280877af5c1b9a925abb4cf562003a82d8cdd9a84b5c76a456b5439b7b59c826aeac4ea9c84c8e37a8d37ed53f48334ecf23eb31bc31cd2fe3086379a8f70e
- SSDEEP
  
  3072:QzxuS44j1DkuoIHuFDLe4OThhOFLHyDkiEo+jK7G:QES4wNS/sXOFLHyDkiujK7
Score

1^/10
behavioral21 behavioral22
- Target
  
  libraries/ICSharpCode.AvalonEdit.dll
- Size
  
  605KB
- MD5
  
  8f36b03d547fb3e0f9654d4f3074b89f
- SHA1
  
  efa7dc54a626c20cbaec3b19b517a2ab64ac6e63
- SHA256
  
  941d014ff2689248704b92e4de92bc7a6015a4fcd31dec426ef2d727acc04231
- SHA512
  
  27c3020357d19a1498fff8c70d86e501b2b691a179fcf82d4590f371df6130157e7a88c97d5d22c9dcebd4d94af54d2aff90bb12589b88e6b65f3f50e9067509
- SSDEEP
  
  6144:kiYcovb1WrZKNhU7nMjaR6dmnItzdSdoO+MSHMb5RKs8rvD288LPnM+k3XjXAUiW:kPcovbRon6cSEKvrvS88Lf1ltm
Score

1^/10
behavioral23 behavioral24
- Target
  
  libraries/ICSharpCode.SharpZipLib.dll
- Size
  
  196KB
- MD5
  
  c8164876b6f66616d68387443621510c
- SHA1
  
  7a9df9c25d49690b6a3c451607d311a866b131f4
- SHA256
  
  40b3d590f95191f3e33e5d00e534fa40f823d9b1bb2a9afe05f139c4e0a3af8d
- SHA512
  
  44a6accc70c312a16d0e533d3287e380997c5e5d610dbeaa14b2dbb5567f2c41253b895c9817ecd96c85d286795bbe6ab35fd2352fddd9d191669a2fb0774bc4
- SSDEEP
  
  3072:hjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1:GibqI59PpOPf201/z7p
Score

1^/10
behavioral25 behavioral26
- Target
  
  libraries/Lidgren.Network.dll
- Size
  
  117KB
- MD5
  
  a6fdc03e2cbdfa9d393512606097a1ff
- SHA1
  
  c63933c082d282a284250deceb51d0d300647fe7
- SHA256
  
  bf9948c27bd2947a42ea51ccc63b93f2b9030bd117393e1d7637a5770b9b0776
- SHA512
  
  2ec59fd17cd34741ab8d0ef0d8ef3533ef38b03e98d65bb1a19940349b16e47142b0d407946cb05bfc63d7859c1472c0906a72be0e1dcee0c170b80270ad6ca2
- SSDEEP
  
  3072:vmwfq+PlFS1gh72NkCM9eu3JcCDMFfXZkHhKQ6u80y8/ko1r8ApI9G:uaVh7CTu3iI/NJe
Score

1^/10
behavioral27 behavioral28
- Target
  
  libraries/MahApps.Metro.IconPacks.Material.dll
- Size
  
  1.1MB
- MD5
  
  d8e627aadfb6dfed292be0672faa9f15
- SHA1
  
  2a7f51711bffd75ecb2d7ff2f510c89eecd16366
- SHA256
  
  97f4ca8c89ee13b8c249ca6f929d067ba3e87be07b4afa372fdc0a7e9e6e78e1
- SHA512
  
  d5139830d367a29e76ca260d9b17955cff80f1779c157551642f7e13d9abd265335ba0bbda433e8898042d482f29d79c48683fede4b8af746b69a7dfcd02098c
- SSDEEP
  
  6144:z40kYmQYwygR8Vi3vTZ20kuCcrY5eakqF09HfnmnygreJrextoqQpddv0dxHde:MpYm
Score

1^/10
behavioral29 behavioral30
- Target
  
  libraries/MahApps.Metro.dll
- Size
  
  1.0MB
- MD5
  
  735bea953b819dc0874176355e3e3141
- SHA1
  
  8ff71613230d454ec27d7b7ee6795289751a5277
- SHA256
  
  1af18a7eae467706f699dea9fcade9635ea2e331737501b72910413dfb12f17c
- SHA512
  
  2963d60fd6c182fa01b62ada3894987ba34f317b5c0cb92905a92930d68a6eeca5f4511d3d36a4ed4a0c3e3851f3ca16683ce9e8d98567f8cc206b973fee5148
- SSDEEP
  
  12288:3EAVRt0dmk6GmfvE4v4ICwQGZDHSxV/INvHG:3EAVRtOB6Gy/v4ICwQGZDHSxV/wvHG
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32