General

  • Target

    be6a2eb19719c11f1aac7a06fc5301df.bin

  • Size

    692KB

  • Sample

    241129-14xksaypbv

  • MD5

    ca505c1e8174998ac14a405aba012935

  • SHA1

    d99af720a390118e8d99c11cb7bfacf37277368e

  • SHA256

    dcb291059b9d48a686b4ae5d83f5c6438617d0e9fc24ba5031556f9284b4d90c

  • SHA512

    e6d8c3bdfcf23daddca1c30bc09a9cff8e226b5d87fc7706a397ad56941303ed4c3d2f7b4b9e74321431f19a33420bddc9d122ab4004d58ba9810277023a01a3

  • SSDEEP

    12288:Qs2LIZr7Eopwj9IzuYUa1OKhrCwZkYwXqK8AxgQZvE5TscheFAtuj06SBA0Ko:6LC7wjmYaMKFC/Xqs14sW+0fJZ

Malware Config

Extracted

  • Family

    orcus

  • C2

    45.204.82.103:6606

  • Mutex

    c137f83daf6641cd8f12b4695c8f209e

Attributes

  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      1cd1f7fff33ed742cd3e44b5db696c9081f0452405f2ab33850e0a953e1e5f0e.exe

    • Size

      984KB

    • MD5

      be6a2eb19719c11f1aac7a06fc5301df

    • SHA1

      635be56a62a13b279a87f7080382b20a9d608458

    • SHA256

      1cd1f7fff33ed742cd3e44b5db696c9081f0452405f2ab33850e0a953e1e5f0e

    • SHA512

      321e050bb06a3769ffdd442447e3be68e23b8993cb0adf21d56fef19dadebe5d1d3c14c2d060c81606e9dce20d643449fee07c536f94c9c77859d0ff8dbd4fcb

    • SSDEEP

      24576:jpCPHKEHa10rCwCgWE9rBhh7ZGyjyFkhakMzKE:jpCPHKEm0mwCgFrfh7UyjnhakMzKE

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus family

    • Orcurs Rat Executable

MITRE ATT&CK Enterprise v15
