General

  • Target

    Screenshot 2023-12-23 164140.png

  • Size

    1KB

  • Sample

    241230-ajb58s1nez

  • MD5

    b86f4fe79abca9572dfd4f9ed534264c

  • SHA1

    dbb80d2d5963190b87b3896a5a6b934ff6fd7ac0

  • SHA256

    9010e9b9567ea3b5ddf9b5ae67d517c686cb6628c13560ec814efbeba4b8c83c

  • SHA512

    2ac3e021942261add5eed856dee2ff71777d4c5dd900b5907a408573ce57861495f0fc53737d1015877ef579bcbb065355718ce06076ebf51dec1f02e57033f4

Malware Config

Targets

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus family

    • Orcurs Rat Executable

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks