Overview

overview

10

Static

static

10

Orcus RAT.rar

windows7-x64

7

Orcus RAT.rar

windows10-2004-x64

1

Release/Ex...ed.pdb

windows7-x64

3

Release/Ex...ed.pdb

windows10-2004-x64

3

Release/Ex...ed.xml

windows7-x64

3

Release/Ex...ed.xml

windows10-2004-x64

1

Release/Ex...ed.xml

windows7-x64

3

Release/Ex...ed.xml

windows10-2004-x64

1

Release/Fl...er.pdb

windows7-x64

3

Release/Fl...er.pdb

windows10-2004-x64

3

Release/Fl...er.xml

windows7-x64

3

Release/Fl...er.xml

windows10-2004-x64

1

Release/Go...op.pdb

windows7-x64

3

Release/Go...op.pdb

windows10-2004-x64

3

Release/Go...op.xml

windows7-x64

3

Release/Go...op.xml

windows10-2004-x64

1

Release/IC...it.xml

windows7-x64

3

Release/IC...it.xml

windows10-2004-x64

1

Release/Ma...al.xml

windows7-x64

3

Release/Ma...al.xml

windows10-2004-x64

1

Release/Ma...ro.xml

windows7-x64

3

Release/Ma...ro.xml

windows10-2004-x64

1

Release/Mi...ks.xml

windows7-x64

3

Release/Mi...ks.xml

windows10-2004-x64

1

Release/NLog.js

windows7-x64

3

Release/NLog.js

windows10-2004-x64

3

Release/Ne...on.xml

windows7-x64

3

Release/Ne...on.xml

windows10-2004-x64

1

Release/Oo...pf.pdb

windows7-x64

3

Release/Oo...pf.pdb

windows10-2004-x64

3

Release/Oo...pf.xml

windows7-x64

3

Release/Oo...pf.xml

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-12-2024 22:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Release/GongSolutions.WPF.DragDrop.pdb

  • Size

    207KB

  • MD5

    fe261eb5106b977e776d55a75e34350e

  • SHA1

    c9a0928bcf3c5f774cda99441a6eca517c476c12

  • SHA256

    2b4c2e2bbca8f975f6edc2f1031dcf72bca3b0cab7ebc7ac180e09ef78ee4695

  • SHA512

    5db914487de4af2b859b535e9484a4c38bc13d7ec46b2b0be496dfb074720c61434a2ef8cd9dd080c3708c03151c26e072da24a4eb8363fd29701c6607dd6489

  • SSDEEP

    1536:wVk5Jfp3FxhFrRVxQaWiaaiSwZbZRTm62l9uuu/NcHZ756GqYTT0s+u7okB1SQK2:BnsYT7dDSQTlRG1dBrXNiQ4dBrX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Release\GongSolutions.WPF.DragDrop.pdb
    1⤵
    • Modifies registry class
    PID:2144
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads