orcus

Sharing

Copy URL

Twitter E-mail

General

Target

OrcusRAT-main.zip
Size

25.0MB
Sample

241228-xagqpazpey
MD5

4ebe8621171038676189cbc5e7053d9f
SHA1

2e3a3b97163d1e8af1e41c36f9495062fb4b1934
SHA256

3786d314f4e3906400b24657ed15fca047576eba9cf17630246db69503fdbea3
SHA512

e0091ae9f3acddc7e8d11b89a60debc3dab57b8af57bde4a3f538b2283eae398a1adec8224bf5fd2d0be61be015fc2a79c49b06cf786945073e1cc87d66be356
SSDEEP

786432:DFrAoo07VJxiSdlBx4IVwXuOHKW3kijZk:hrA+xJBgIEuMUiNk

Score

10^/10

Malware Config

Targets

- Target
  
  OrcusRAT-main/How To Open Port All Tutorial.url
- Size
  
  96B
- MD5
  
  e6e103fb45cbe55836826bc3410efcc0
- SHA1
  
  ff589e9f655d3368571562711b954f301615d457
- SHA256
  
  99e7a2772fa7b583be865188c49e15d8294569d820bb29be95cee538a6a5f494
- SHA512
  
  d41fa5eb682f9c2a1eddcac0a79cdda9f7228b9080c843ce5e7aa1ef027f8c773733faa471e44ca76a37e405d5488c29f34e1785f149115bd65f01fb3b52acb7
Score

1^/10
behavioral1
- Target
  
  OrcusRAT-main/How To Setup a Rat.url
- Size
  
  96B
- MD5
  
  8d61646db59cc7460b40bc79001a40a1
- SHA1
  
  e43cdfb3d27a0cb4b4532053c27810abf06d415e
- SHA256
  
  c5d1bc7427609e082195ad8db57c9b35b274e3df63a92d78917334425730d1e7
- SHA512
  
  9eef7dcaa96a52d52caff6b9709f8377437ff201e976761eec8c35669f946ef111d7da9528c8f253f469969513e4ec5e6a5d0b861665254a6564f8c2d85d9f99
Score

1^/10
behavioral2
- Target
  
  OrcusRAT-main/Orcus.Administration.exe
- Size
  
  16.2MB
- MD5
  
  a6347e4e194adb6d2a3fae52598d8cdd
- SHA1
  
  aa06c496c20d6e04142d4a5205a032680a452a0d
- SHA256
  
  911e3e95efddbae9d1c2f4b04027567c76823116755097b5868b7241c7e30cbc
- SHA512
  
  2ee24604c0edbc09096e2344ca6c1f74b1067b9aff7f077d0b4e42cd8f51dd1116e98016e34f0a1d951fcdbc8bfed33b1709a9692ba95b3ea3cd84d9ce080922
- SSDEEP
  
  393216:3pC4606R60B8vYfZ9DfZ9DSK7SftLaeH+:sJOcPLPte
Score

10^/10

orcus discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus family
  orcus
- Orcurs Rat Executable
- Loads dropped DLL
behavioral3
- Target
  
  OrcusRAT-main/Uninstall.exe
- Size
  
  101KB
- MD5
  
  4143d3bb52f6ca4aea06d4ae15db611f
- SHA1
  
  be6b949ed7be8ce752b7343d56d9c3f96b25a0d3
- SHA256
  
  1ff448e9e456f5ad022c2bffb16e0e94eeb6346e8befab695ec0f369349a1a0a
- SHA512
  
  2a9befa77e042ea32358c8e3c40e67b3ebf618744634878393a7f7121484371dd62f5d981d0aaef2280bb1a574379271abaf249708ed49b893924fb521cbd2d2
- SSDEEP
  
  1536:zO/z6hPABUjO/Zd1716EoLiL4l1HdIaqQPDm0xK8i6f0Zn9PRVW8sW45o7Nkn:kzgjO/Zd1RePDmZ8tf05iW4uM
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral4
- Target
  
  OrcusRAT-main/libraries/AlphaChiTech.Virtualization.dll
- Size
  
  51KB
- MD5
  
  66c29815e0e824874e69342fe344d460
- SHA1
  
  0c50bf0f38d1577172e534483768368288a59753
- SHA256
  
  5a9296146dd3d0dca9507e59520c29ef9848cbd7599a95efe09c01fa1c894d8a
- SHA512
  
  be9649d8a7b21c4b784df91b6694f6f0ca698ca8484cb6232659123dbfc4908e1a74a100f43b34c9473d998d8565bc86dff3f46978e93c7fa9285128a97b096a
- SSDEEP
  
  1536:w57kU/A3fmKsyZWxRkHEYuMHsN5JdGoSoD2Rg2:w5EsyZtROFDmg2
Score

1^/10
behavioral5
- Target
  
  OrcusRAT-main/libraries/Be.Windows.Forms.HexBox.dll
- Size
  
  77KB
- MD5
  
  e00907b3d9270d4cca87c25ff30bcd02
- SHA1
  
  c59a191e9d0180530af19749b16f6382d410b322
- SHA256
  
  5448e587498c560ef1d8e182344bc340a57cfd3b05c4507c48da11e139035818
- SHA512
  
  73ee810bef992fab54cdb4ada648b2b32ba17f94076f3c079c57e97a0a62193a9a7d5745c454744b380bae2ba447b23556604765410929521260946ef73e7fb1
- SSDEEP
  
  1536:jcF2tarjL/jyH9oHPvH3f5rhZ3rmGAp16RHJjGccjOthSXlOhZnTFp8k7kXk5GLd:jhtt9oGjOt8XlOh/zziR
Score

1^/10
behavioral6
- Target
  
  OrcusRAT-main/libraries/CSCore.dll
- Size
  
  496KB
- MD5
  
  5e8fe2a84d3076f5d9815b77eb67d4f6
- SHA1
  
  c08f0f706520e1a32b0999bda032c90755f7d374
- SHA256
  
  fd3feefc62097ff785c7fdd524070e25fcaba7e4ce19f5480ecad695dd2a5405
- SHA512
  
  8a5e77aa6f31db39dae45dbb2dc45da717a065f6831552b0133f6defe6551e236226acfc5dfecc93dad1a3457720d8f85a985c71a7591d45755c3f8ff4740438
- SSDEEP
  
  6144:qgnuf8G18h9LKXYTD+XVyX6QgYC/f98+5JBO5blpIz0oG2th9i/J:qgFBKcDFXDgYC/f987Kz19i/
Score

1^/10
behavioral7
- Target
  
  OrcusRAT-main/libraries/Exceptionless.Extras.dll
- Size
  
  71KB
- MD5
  
  d3fcd5038079ef42e23ed39a86af5a31
- SHA1
  
  3977309df5b3ddc0218a800ee463ddcbcae7503e
- SHA256
  
  9d4ab0418d94d3c3d7025ecc1c70ce1762ee12aaa4d35666c2dc7887df53a537
- SHA512
  
  8535e4b5b7b61cf31fe69bd43eb2ba4c2a248a2f2a6efcf9b1ffc9cf4d39b67dcb687d45964054b3900f5aa21662b4acc91302f02e99e819ac6f5827a0d493d0
- SSDEEP
  
  1536:mB4/RmrDkeXDlc4n10Yf6vvB78MFG20es2A1OLv2Nvr838HVHHOU30fKFWHVyePD:m+/IXZTn1BjpemrPEXK7eASoC
Score

1^/10
behavioral8
- Target
  
  OrcusRAT-main/libraries/Exceptionless.Portable.dll
- Size
  
  678KB
- MD5
  
  6aba9f00d64371b940eedc21804ea9eb
- SHA1
  
  5fb0e520a23c780474b0866218c61ff55d083b3f
- SHA256
  
  22c949720dacd2dc19b7744185b18faf53dc18199c36af44158257a08ce7f3fd
- SHA512
  
  9166ff3cfd7adc334f3a98f4a40736c178a1c793f6ca264722bd1b962a3d059d88035eee1f45aab2b45a8692a13ef50c8e762c4c8600937b263fd7c2703185c0
- SSDEEP
  
  12288:js84bq85JQrVPvIxDlm1X4Qz9g35VF7Syj4pYoSpc9UM04uBrAaJZSPZZBrEK8eV:Y4rVImlzqVFWyj4pYoSpc9UM04uBrAa6
Score

1^/10
behavioral9
- Target
  
  OrcusRAT-main/libraries/Exceptionless.Wpf.dll
- Size
  
  26KB
- MD5
  
  609fbfcf1bea7ac58712764cb9e408f1
- SHA1
  
  6831a6338e056540c5305b192b726ea68413f6c2
- SHA256
  
  c14b8c33f9679cf4cf4f80d91698e3f40acdbd82d3b700a8b2813322e5e42ec3
- SHA512
  
  41bc3949421b2179e6208f3677264399f60f81bca69a9cf632e8e8ca4978710885674d76fa635b133b6638cad11813a33a538cbccde7cf482b7e61719e8ceaac
- SSDEEP
  
  384:SO6qmMxrZfvTOtDTjzImcOFz/Ym1T9yQT0B0Am9Z6budtzYi8LkbXgAZyTlaiA1W:8qfOtDbcsz/9NV66HYikQiLEnC
Score

1^/10
behavioral10
- Target
  
  OrcusRAT-main/libraries/FluentCommandLineParser.dll
- Size
  
  43KB
- MD5
  
  9b5e37f89268ccce0e098222004093ad
- SHA1
  
  30b12174abda6a420b2cc152b5c682ff8f106c37
- SHA256
  
  fe068b6f15a5423f86558927dd22ec35070c041db9cde1ecade0590d93ca5285
- SHA512
  
  23e8cbaa6103f5a76729ee8470b5b208d67be22c9b9fa78340055ac8ded04dc6147c8c50cde96f7c10b111f81cab3e5504227ac5b8f1a616c1a1384c6350257f
- SSDEEP
  
  768:U74t6uOtRT8HuJ071hEdOgaaGoCbvfkGujm:Gc6uOtRa/71UO1onLS
Score

1^/10
behavioral11
- Target
  
  OrcusRAT-main/libraries/GongSolutions.Wpf.DragDrop.dll
- Size
  
  53KB
- MD5
  
  dcb1b714646f72939969441ee16e3197
- SHA1
  
  294014a44415bfb8a0415e1c19c7e8763046ffc8
- SHA256
  
  7236cd133dc18064cd57028be5cca18708117c3082f5ca001cb69eaf596a578c
- SHA512
  
  2e2b6fa0918a59915165ed689f524576e94cb4f531c4eac58a74049a187bfdc6d87423150e26dd244bb9b4988b4017afc0b62865f5f686524f60e7512e35679c
- SSDEEP
  
  1536:nvzBUJUgtSMoY0Z9D24W5d7Oi8SXMocAdg17wr:nv0fkDngOi7cocAdnr
Score

1^/10
behavioral12
- Target
  
  OrcusRAT-main/libraries/ICSharpCode.AvalonEdit.dll
- Size
  
  592KB
- MD5
  
  d7467d0156f22feb4b22cc5f74d7bd60
- SHA1
  
  bcc1d959786ba4253491b67d448f97cf5ad709ed
- SHA256
  
  2bf6079c143f177d954731db2ffde515bee8fbd6261e0d338ba8e7c8df1ab658
- SHA512
  
  f13092a4154524226900c8f3089ef776932cae601cb21cc10af1111014aef97a1183a2344da3f5b8f5b9fbe8b4b420412d79b71e97a1b4ed2ec384b502ba1c28
- SSDEEP
  
  6144:64Gybj4PJqJZD0JOi0Av5+ENJzHLeDjN3kNHjoJAo7gOfwlflvuSn:6i4PwJZ1szeDjKRWwl5
Score

1^/10
behavioral13
- Target
  
  OrcusRAT-main/libraries/MahApps.Metro.dll
- Size
  
  918KB
- MD5
  
  fb1e8eee84791cc015e043ab0ce32bba
- SHA1
  
  42fb789011213635a7d022ba4fd5461a0d9a134d
- SHA256
  
  0de72da4bc2d16d39c30368af880d754fa0bd9745897652ba50213e589d265c5
- SHA512
  
  748af415c875cd5d44f305cf58060e7e66ef2ef041b6e86e3a76287a51af63116096eaed0877dc48c17da6594ad0c8dbf0ecadecb763dd469be8b6cc1d02d4a0
- SSDEEP
  
  12288:qADBZgu6aCRVudOz7A+H/uzylD/AcnnnnnnnnnnnnnnnnnnnnnnnGnknnnnnAMxg:qYMRMOzjuuF/AmHRNXmbJtV/
Score

1^/10
behavioral14
- Target
  
  OrcusRAT-main/libraries/Microsoft.Threading.Tasks.dll
- Size
  
  36KB
- MD5
  
  d01819bfe03222dfa9e35a36555b6b6c
- SHA1
  
  25f8069590b14724f28e6a04b8a42e4ef4a8562d
- SHA256
  
  5f29e16edff5379e93d5be9bee4cddf98132b84326027688511ac0f3157aaf94
- SHA512
  
  e63901f39315972e446768f2c14b4279cf1dd382f97ac90c444c4d858c2a486736a259c47245026b11e5c0846310e7da020bf2466ea91aa0a15d22cb67b37477
- SSDEEP
  
  384:AjCan21RTf1FuPIgbSVHfiWvoVZHL+8SChE+QNEv4USWyWcWZ1q//0GftpBjfuHk:A+e21RTrgbSpfihdvF4eg8iUHWTmlr+
Score

1^/10
behavioral15
- Target
  
  OrcusRAT-main/libraries/Mono.Cecil.dll
- Size
  
  274KB
- MD5
  
  6d6292bc8e698e53e69556add6f62442
- SHA1
  
  fab26eb07adab421797689da27ad754aa1c31810
- SHA256
  
  0f6465ce57a0cbabc37013c8e3c9f110672de1c127b6192177d59eb1c7809772
- SHA512
  
  f77c995857bf3c62bd87cce4246d9792d388af33664fbabf05bfcf574ae9332c45013697be7f698bff6cd33b02573abcbeae172b53c75979339e01123c61ae32
- SSDEEP
  
  6144:BaUU67x2AE6gaSTYUs8Nr/gaGGv8+iGKdJDkP0bAZ:biG8Nr/vv8+O
Score

1^/10
behavioral16
- Target
  
  OrcusRAT-main/libraries/NLog.dll
- Size
  
  517KB
- MD5
  
  27c2b96dfbebba578638588d2c95705f
- SHA1
  
  6223920526982da59a93ccb2d733e9bdbb1afbaf
- SHA256
  
  a74414ee5a23d73d879c216d9cfd96a9a8ad048773fe689d8a8b3022c9869cdf
- SHA512
  
  aa90ef4fef936a43c3413c90427668b7956742bb88eb2693d8dc23654952997771e702f5c0b8ffa04e8f0ef8e16809d8bb3ac1f007bc9989b039e78a1d2a6358
- SSDEEP
  
  12288:PNShT6DUsQfOrYqk1CXQdcGASuocRwsCbDRHDh:cNEUsQfOrYqk1CXQdcGASuocRwsCbDRl
Score

1^/10
behavioral17
- Target
  
  OrcusRAT-main/libraries/Newtonsoft.Json.dll
- Size
  
  510KB
- MD5
  
  c3c04754418382f505cafc18d64427f5
- SHA1
  
  cac5e36dc498d6bb16170020be021ff5bd18a9e2
- SHA256
  
  df8ec2e0245829ddec5b79f1918c3ae3a3fa540a5a0e3c410e2b6ef0bebc7927
- SHA512
  
  bda5efd0f69a9c7198841e5d31744fa2bebb05cedb1e2846a0d2dbce6c3193da69c181be1116f38cd5f3d61b441567b1da2c844522184323e3d429294aa91ab5
- SSDEEP
  
  6144:D5AGNDJNY1d2Skc39wf9IsDraDmh7JKH8Vjp4baBmBFSu4oNVg2OUvie:LNYNY9LaDKKGSBTV9
Score

1^/10
behavioral18
- Target
  
  OrcusRAT-main/libraries/Ookii.Dialogs.Wpf.dll
- Size
  
  105KB
- MD5
  
  5926472580c7a7b45cd611dc0fb06244
- SHA1
  
  a3b33bc8c9963f727bc2a2714ec6de0c607bca40
- SHA256
  
  04b8cb55ff481a4f4f9a60bc3c5e06ed78c12a8677c211621edcf9d8467bd823
- SHA512
  
  be05b4695896b4a2ad2ca63836c9d05084b8aa1b71929e1b081fd47b851282438bdf8c7bc65466ce7f3fe30335e743c0bd12aa52670b12d6eaec8b3bfd193056
- SSDEEP
  
  1536:5lPwQgrQnQaIM9MsmdgdSrtP7QdniuLF+mnNuu48pMBqDALYHu+an+HeaP6kOdWF:5lNJIceEMGFHnM8A8HC++aPA3O
Score

1^/10
behavioral19
- Target
  
  OrcusRAT-main/libraries/Orcus.Administration.Commands.dll
- Size
  
  106KB
- MD5
  
  bca25796ab6eaced997fe584d561ab78
- SHA1
  
  c9c509e384756b55167e19aa93f90ca49bf2c184
- SHA256
  
  57d8c94738921a61c25e9022cd77fb84641e31eca86c1ef8fb169a398c068614
- SHA512
  
  56ab28bd0415f4d20f2ae97648f487b0832db80f1e96b620aea07260af9ebd9512214b1a855ed385c5ecfdec198843fb6ebed9562c133ec146662562145c225c
- SSDEEP
  
  3072:cBpsSkwwfiSyt5RgFqB+Myx/CjxaRP0yw:cltwfiSiAqB+MD8a
Score

1^/10
behavioral20
- Target
  
  OrcusRAT-main/libraries/Orcus.Administration.Licensing.dll
- Size
  
  80KB
- MD5
  
  70e207da89961cd32217eabbe3ac0791
- SHA1
  
  305ba309e762a128ae098e5bf0241ba71f3a331e
- SHA256
  
  83f968c6682b0e52b217daa6aa3da21be6967aa194a14631f43cc76c11a142e9
- SHA512
  
  8d9de9a9b3ad265a1df7bd7ab790db639d6ef4b871275a5b2fbb72f9b324cc3158d2073de2de78692fa7ffe64e78e31e7d7f75cb3b50c0d6513da21094bad075
- SSDEEP
  
  1536:I+ILbMdO5V0tqQdHNWNEyieS9pJShPB+Viy6Sp6LRaKN/8:UVavdHNWNEyib9pJShPB+Viy6Sp6LRaN
Score

1^/10
behavioral21
- Target
  
  OrcusRAT-main/libraries/Orcus.Administration.Licensing.pdb
- Size
  
  80KB
- MD5
  
  70e207da89961cd32217eabbe3ac0791
- SHA1
  
  305ba309e762a128ae098e5bf0241ba71f3a331e
- SHA256
  
  83f968c6682b0e52b217daa6aa3da21be6967aa194a14631f43cc76c11a142e9
- SHA512
  
  8d9de9a9b3ad265a1df7bd7ab790db639d6ef4b871275a5b2fbb72f9b324cc3158d2073de2de78692fa7ffe64e78e31e7d7f75cb3b50c0d6513da21094bad075
- SSDEEP
  
  1536:I+ILbMdO5V0tqQdHNWNEyieS9pJShPB+Viy6Sp6LRaKN/8:UVavdHNWNEyib9pJShPB+Viy6Sp6LRaN
Score

1^/10
behavioral22
- Target
  
  OrcusRAT-main/libraries/Orcus.Administration.Plugins.dll
- Size
  
  34KB
- MD5
  
  358e21f82feabac03af75599b09532bd
- SHA1
  
  b6523b40151fa7090d1a2c44f2b7335170b2d7aa
- SHA256
  
  ba011053d673579f781de553994366683d7ea57410ae8d10d9823387ee94b918
- SHA512
  
  7334c3b0dcddd321f9fa0536b5000151a4b65f7da5b41e1f70009af7cfdaee70c44d07ce4d5f7eded97d30a89b9c1bb71a18e39fc6243b0fc07a5e3ee05dd1d9
- SSDEEP
  
  768:tjV7GiFiE1OiO/eWKYXU6I8xdh0RqjfYzBUwT:th7GiEwOiO2WFAMQR
Score

1^/10
behavioral23
- Target
  
  OrcusRAT-main/libraries/Orcus.Administration.StaticCommands.dll
- Size
  
  25KB
- MD5
  
  0da670f8d6a9e85c29e081b0010e45b3
- SHA1
  
  6969796efaafbcd6bc91bdcc6dd26597b1d3460e
- SHA256
  
  6823338191b646db4e86a96d4572cc5cb6f9d5302dd6394cc0861c722165e5b3
- SHA512
  
  e139d609b71140895a350fc742a4641e2aa17bee5a8749cab94645f7a74f43820541aedb0a6a59b25cc831d90e092a3c6f6af7e3c4cc55553547b224233c7872
- SSDEEP
  
  384:twmBWxIy9P07iAf9PmrKhVpanYPLFzBX0pCNcs:tJBWxT9P07HaYzBUwt
Score

1^/10
behavioral24
- Target
  
  OrcusRAT-main/libraries/Orcus.Plugins.dll
- Size
  
  21KB
- MD5
  
  88e74301f491db06cf075502629b6e56
- SHA1
  
  21e970cd1a672fc00eba203ec52a7e4bcb972420
- SHA256
  
  e33b1f7ef345a2fde88b2f70e24f1df739c4db0d33f4c2a6fdbacbc4e4190e91
- SHA512
  
  0efd79562d68912d6526d570be6a9334cbc79df0c68c105b7287ff6f36b5b6c85a7eb99ba8d6b057e86333c0e8909fe50fe49fe42f2c717f10801a88609c4ecd
- SSDEEP
  
  384:+6ZkWsRjBXZXoOx1JeV8c+bh9+kAOzVRlnYPLFzBX0pCN3p9oT:+akWCxZXNM8c+PBRlYzBUwo
Score

1^/10
behavioral25
- Target
  
  OrcusRAT-main/libraries/Orcus.Shared.Utilities.dll
- Size
  
  25KB
- MD5
  
  155e691e9ff9b79b713836b5d469e3b9
- SHA1
  
  17988767d56448bfde33c20d1cd46089ce1f2852
- SHA256
  
  680a6a746f6961b6df5495d91c44bb4007c62090dd76948c45640ed01c0bd56e
- SHA512
  
  e8ad235a5a847a9da3bfc476e44f3cbf7d5c400e6b63c2ce3fce15d2ce7c39a0ae5b9cb13680a9ecc4c36c529f865fdc3351a1dcee37a36902d132f829b908a7
- SSDEEP
  
  384:ef8kdn+jzSzhkRstGzaBLiESs0uSaBBO1y1V3qcNhGPIsnYPLFzBX0pCNFIon:M5dn+PSzhkaszaIYiuq+hGQsYzBUwPn
Score

1^/10
behavioral26
- Target
  
  OrcusRAT-main/libraries/Orcus.Shared.dll
- Size
  
  282KB
- MD5
  
  d5d297629e1b1e77758f4221d1a5bf66
- SHA1
  
  5a56ec678d97ea260dbd40825cd1148332a8e06a
- SHA256
  
  c046865c41a0880ccd223c57e148a1083e7e2fe4da647fa15a04a3dc182da5ae
- SHA512
  
  8cea7bbea5734f9a6054314235be4047fa51408b51e171f94f7a727520efd13e47f1fe0476d2cabcf946d51a6c17ab3cba4f2eb4263e6ff6891e3024eb9fccc7
- SSDEEP
  
  6144:FJ+CnYh6rOxuPT+lnKkCfDNKJb8PyUblrtX:FJ+CY8foJbg3blJX
Score

1^/10
behavioral27
- Target
  
  OrcusRAT-main/libraries/OxyPlot.Wpf.dll
- Size
  
  144KB
- MD5
  
  c316494b1db843582281ae2f9eccbde2
- SHA1
  
  26312cc4a68fd67f6f6bda3108d37f66db74a19a
- SHA256
  
  3db71e9c9e32058e0e45bd925752d639c6599b4f5443a490bcbcd5a490f53f8d
- SHA512
  
  cc751dc8863955c93b4f92399d0799fe4528f4d32d7a199c07122ccc45bb9228e29868fa399c113780e3f8be1d4cfaadc87daca2ff3f0dff0e7ac6b493279b24
- SSDEEP
  
  3072:SurWzjdhaToDY6ybOTLiiDSS1IVJeZqrE0GP:SgWzjdhaToDY6ybOyiDSYISOX
Score

1^/10
behavioral28
- Target
  
  OrcusRAT-main/libraries/OxyPlot.Xps.dll
- Size
  
  13KB
- MD5
  
  6b4a225190459369179a249e8d7e5bf1
- SHA1
  
  9e25a7ac2851d25791188f9bcfab0b2c2a16be19
- SHA256
  
  20ab772bfd879ea0c782988a1773fa75d5edc0260d16872730ec65cfbd571ce4
- SHA512
  
  02f2a66f8f6b289c3f869a65f01ba2aed97c2045caf7b76c66c3e39e758a938477da0d0f5de72ae5b57a27e14dbb9ff31e20947b193dd5fb2a69b73bda3e3e5b
- SSDEEP
  
  192:j54rKI50c9A7gkXc9gM/XQsoahwZvfpi36ketAVQOkwA1XdDiim:O0jXcGMvZBwxfKetBt4b
Score

1^/10
behavioral29
- Target
  
  OrcusRAT-main/libraries/OxyPlot.dll
- Size
  
  487KB
- MD5
  
  9a22574278567ce599b2d5a817c8c0df
- SHA1
  
  05c5e606f2593e969719213475ab0201036ed0c9
- SHA256
  
  8fac7cbc0bd3aca6a6c4a12eb8611251bbae2d64103f55a7ce933c609dde144e
- SHA512
  
  1d538b681b5946f9208ee0a6997597f21175fa19c67522e6cfb1b100cfacffd138a5d39ec342059786254671899ade5ab625e3a5946ad0e3cb1327f9ae142b43
- SSDEEP
  
  6144:qyUbe4JSpQdyhfaWhzYfga42jKSQCGc7zRMJmiw8kErzmCQB1Ul7pGb3tnZ7MqCL:qIKd8+GvcBMciw8hrzVbUZ7MqXZaLNN
Score

1^/10
behavioral30
- Target
  
  OrcusRAT-main/libraries/Sorzus.Wpf.Toolkit.dll
- Size
  
  43KB
- MD5
  
  efc2bbca9bfe174475d17e62ea0f5b4d
- SHA1
  
  3d74ba1d65245fe86cbca4cff525856e9b1755a1
- SHA256
  
  9f025d34cb7dc817df9f7f722c14eff6f2d95946ef24c486c7063d8ce9e0236f
- SHA512
  
  575a9700ea8d4fa1d470632c3654425c816b82c7a5f60c8c9787cc699961d95b2eee82ebedceaa77ec17a96329958235b3a94b6ee868e3a900bcae770506ef23
- SSDEEP
  
  768:UlvlLgCkZirns7LbkaGB/6i9C7i8ttqg4DkjSzxxaP0:Kv5gCv0At6i/GtLjSz7
Score

1^/10
behavioral31
- Target
  
  OrcusRAT-main/server/Orcus.Server.exe
- Size
  
  3.3MB
- MD5
  
  423c84c4e8fe8fa7685ceed43acf8335
- SHA1
  
  7270183b6507932681257b9d9033f51600c4704d
- SHA256
  
  a5e07a905fa95fd8e7370fc706682d823ab9b8974f5867e96f1be9c4e16e0557
- SHA512
  
  ae1bbbe7e51df645f2afd3c64b8a8ae87b71db98929a1f87fd4903ec74a5fe54f6d996dbba71ac4dee985f50bb05ce4dd3df55b4965fab0477f01885146724d4
- SSDEEP
  
  98304:9rVrVr1r4rg+4mRF42/986wgzMOr4KqU2TitpA+OxXIKZExcZr+:jmfZ986wiZ4K15I+fxcA
Score

7^/10

discovery
- Loads dropped DLL
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Orcus family

Orcurs Rat Executable

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32