orcus | 1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71 | Triage

Sharing

General

Target

1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71
Size

3.0MB
Sample

250104-brxycawldq
MD5

6eff14955f352840b8937f0dc1811e49
SHA1

1e9da08304611fe67b4e8454091d8c4c422392b1
SHA256

1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71
SHA512

56ab51d9e6f0a958e0aaf8ef4a8cdcfa49f362af733986c21580a9c6579dd097afad1af3b4704deb282bb3798710cfd8d8c47ba8c2fe5badfa574005da2e5f25
SSDEEP

49152:8flit1ZeM9/3EgHcyH4Z9fVTB4krLzS+HAypQxbOqUo9JnCmLPnGFfhIMdOup:8fEtGjzD5rfLgypSbKo9JCm

Score

10^/10

orcus vt rat spyware stealer

Malware Config

Extracted

Family

orcus

Botnet

VT

C2

91.227.18.174:443

Mutex

00019fe362dc4d06a7aaa7724afda437

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71
- Size
  
  3.0MB
- MD5
  
  6eff14955f352840b8937f0dc1811e49
- SHA1
  
  1e9da08304611fe67b4e8454091d8c4c422392b1
- SHA256
  
  1523a2cef2a26e9b25a3fc81ac28b56b9e7f18bbb86dfc993dc5e9987f024a71
- SHA512
  
  56ab51d9e6f0a958e0aaf8ef4a8cdcfa49f362af733986c21580a9c6579dd097afad1af3b4704deb282bb3798710cfd8d8c47ba8c2fe5badfa574005da2e5f25
- SSDEEP
  
  49152:8flit1ZeM9/3EgHcyH4Z9fVTB4krLzS+HAypQxbOqUo9JnCmLPnGFfhIMdOup:8fEtGjzD5rfLgypSbKo9JCm
Score

10^/10

orcus vt rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus family
  orcus
- Orcurs Rat Executable
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

orcusvtratspywarestealer

behavioral2

orcusvtratspywarestealer