Overview

overview

10

Static

static

10

OrcusRAT-m...al.url

windows10-ltsc 2021-x64

1

OrcusRAT-m...at.url

windows10-ltsc 2021-x64

1

OrcusRAT-m...on.exe

windows10-ltsc 2021-x64

10

OrcusRAT-m...ll.exe

windows10-ltsc 2021-x64

7

OrcusRAT-m...on.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ox.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...re.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...as.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...le.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...pf.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...er.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...op.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...it.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ro.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ks.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...il.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...og.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...on.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...pf.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ds.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ng.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ng.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ns.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ds.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ns.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...es.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ed.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...pf.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ps.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...ot.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...it.dll

windows10-ltsc 2021-x64

1

OrcusRAT-m...er.exe

windows10-ltsc 2021-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    28-12-2024 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OrcusRAT-main/server/Orcus.Server.exe

  • Size

    3.3MB

  • MD5

    423c84c4e8fe8fa7685ceed43acf8335

  • SHA1

    7270183b6507932681257b9d9033f51600c4704d

  • SHA256

    a5e07a905fa95fd8e7370fc706682d823ab9b8974f5867e96f1be9c4e16e0557

  • SHA512

    ae1bbbe7e51df645f2afd3c64b8a8ae87b71db98929a1f87fd4903ec74a5fe54f6d996dbba71ac4dee985f50bb05ce4dd3df55b4965fab0477f01885146724d4

  • SSDEEP

    98304:9rVrVr1r4rg+4mRF42/986wgzMOr4KqU2TitpA+OxXIKZExcZr+:jmfZ986wiZ4K15I+fxcA

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OrcusRAT-main\server\Orcus.Server.exe
    "C:\Users\Admin\AppData\Local\Temp\OrcusRAT-main\server\Orcus.Server.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Costura\2C9662276C8B885676D4578FFA67621B\32\sqlite3.dll
    Filesize

    626KB

    MD5

    d8aec01ff14e3e7ad43a4b71e30482e4

    SHA1

    e3015f56f17d845ec7eef11d41bbbc28cc16d096

    SHA256

    da1d608be064555ab3d3d35e6db64527b8c44f3fa5ddd7c3ec723f80fc99736e

    SHA512

    f5b2f4bda0cc13e1d1c541fb0caea14081ee4daffd497e31a3d4d55d5f9d85a61158b4891a6527efe623b2f32b697ac912320d9be5c0303812ca98dcc8866fcf

    Download Submit

  • memory/2468-16-0x0000000005BD0000-0x0000000005C1C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2468-31-0x000000007454E000-0x000000007454F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-7-0x0000000005C40000-0x00000000061E6000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2468-8-0x0000000005730000-0x00000000057C2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2468-11-0x0000000074540000-0x0000000074CF1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2468-10-0x0000000005B50000-0x0000000005B9C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2468-9-0x0000000002F20000-0x0000000002F4C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2468-12-0x00000000065C0000-0x0000000006782000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2468-13-0x0000000006CC0000-0x00000000071EC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2468-14-0x00000000058C0000-0x00000000058F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2468-33-0x0000000074540000-0x0000000074CF1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2468-1-0x0000000000590000-0x00000000008E2000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/2468-22-0x0000000007200000-0x000000000720A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2468-18-0x0000000006520000-0x0000000006541000-memory.dmp

    Filesize

    132KB

    Download

  • memory/2468-17-0x0000000006560000-0x000000000659C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2468-23-0x000000000A010000-0x000000000A2A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2468-24-0x0000000074540000-0x0000000074CF1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2468-25-0x0000000074540000-0x0000000074CF1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/2468-28-0x000000000C600000-0x000000000C67C000-memory.dmp

    Filesize

    496KB

    Download

  • memory/2468-29-0x0000000002CA0000-0x0000000002CAC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2468-30-0x0000000002CC0000-0x0000000002CCA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2468-0-0x000000007454E000-0x000000007454F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-32-0x0000000060900000-0x0000000060992000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2468-15-0x0000000006790000-0x0000000006AE7000-memory.dmp

    Filesize

    3.3MB

    Download