Overview

overview

10

Static

static

10

RAT.exe

windows7-x64

10

RAT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RAT.exe

  • Size

    903KB

  • Sample

    250123-n2c25syqaw

  • MD5

    abd73de056896e77aef3e771088a4752

  • SHA1

    c3071c37a40d56694ee2fe0624c0dddeb72041b3

  • SHA256

    6d93347f32f5046a8dff6e59d67f43e1e0c11f51ca718c85e55246a57e49c22c

  • SHA512

    ac32cc3017e996d1ad7755ee7da80c266e432a652bbff5fa136e840ffa11c5c3cd26d9b50094d8df257eb5289abb8e53b9b030a3504f821a4f9592b9d8aedf30

  • SSDEEP

    12288:50XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6W7BaepBwzo7dG1lFlWR:2am4MROxnF4HrrcI0AilFEvxHPRZoo1

Score
10/10
orcusdiscoveryratspywarestealer

Malware Config

Extracted

Family

orcus

C2

195.88.218.126:10134

Mutex

7c04bcf8b3a04c3c8433437cb1b3ce73

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      RAT.exe

    • Size

      903KB

    • MD5

      abd73de056896e77aef3e771088a4752

    • SHA1

      c3071c37a40d56694ee2fe0624c0dddeb72041b3

    • SHA256

      6d93347f32f5046a8dff6e59d67f43e1e0c11f51ca718c85e55246a57e49c22c

    • SHA512

      ac32cc3017e996d1ad7755ee7da80c266e432a652bbff5fa136e840ffa11c5c3cd26d9b50094d8df257eb5289abb8e53b9b030a3504f821a4f9592b9d8aedf30

    • SSDEEP

      12288:50XCGPSX0zbyD+ndg+QCImGYUl9qyzlkE2kUNCBfm9rR6W7BaepBwzo7dG1lFlWR:2am4MROxnF4HrrcI0AilFEvxHPRZoo1

    Score
    10/10
    orcusdiscoveryratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcus family

      orcus

    • Orcurs Rat Executable

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks