orcus | b0cc453944dc427b9adfc3014d42acdc4a21f22c199c34e6f4d30057c318b970 | Triage

Sharing

General

Target

b0cc453944dc427b9adfc3014d42acdc4a21f22c199c34e6f4d30057c318b970
Size

2.9MB
Sample

241226-bjl6wasrgs
MD5

1249e9396c0db740782bf81f4df9af36
SHA1

9115861b4181e12ea6a2974df2beb8b06f91ef76
SHA256

b0cc453944dc427b9adfc3014d42acdc4a21f22c199c34e6f4d30057c318b970
SHA512

ab355529fc66b99d0521a013e062a17ffb6017e17ec67efa570d8080938a6b2540475058f8035a1b01179e593e1ff808e6116bde2b9ab44012e06576c031c1f9
SSDEEP

49152:NXmN8QFUwqYZeM9/ZzzBjMkPUayX82+YXAypQxb9ndo9JnCmlWncFf0I74gu3Ts:NS0wGGzBjryX82uypSb9ndo9JCm

Score

10^/10

orcus rat spyware stealer

Malware Config

Extracted

Family

orcus

C2

192.168.50.155:10134

Mutex

orcus_rat_______874d7e7d129c4b8594f95e8c03299577_1488_1488_1488_freeeeeee_robux

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  b0cc453944dc427b9adfc3014d42acdc4a21f22c199c34e6f4d30057c318b970
- Size
  
  2.9MB
- MD5
  
  1249e9396c0db740782bf81f4df9af36
- SHA1
  
  9115861b4181e12ea6a2974df2beb8b06f91ef76
- SHA256
  
  b0cc453944dc427b9adfc3014d42acdc4a21f22c199c34e6f4d30057c318b970
- SHA512
  
  ab355529fc66b99d0521a013e062a17ffb6017e17ec67efa570d8080938a6b2540475058f8035a1b01179e593e1ff808e6116bde2b9ab44012e06576c031c1f9
- SSDEEP
  
  49152:NXmN8QFUwqYZeM9/ZzzBjMkPUayX82+YXAypQxb9ndo9JnCmlWncFf0I74gu3Ts:NS0wGGzBjryX82uypSb9ndo9JCm
Score

10^/10

orcus rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus family
  orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusratspywarestealer

behavioral2

orcusratspywarestealer