Overview

overview

10

Static

static

10

chinese.exe

windows7-x64

10

chinese.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    chinese.exe

  • Size

    903KB

  • Sample

    250130-n93mrssnbm

  • MD5

    07b9b87f80861417ecc3c39a23cf15c5

  • SHA1

    54c5779d0fd3962bd1f035266230b4171e0985a4

  • SHA256

    1b876b62027101592095ea04b3c9c0d3d851d004d96ca0adfdb075069b1d32b6

  • SHA512

    3e56505e7e226fc134be8123569660e711db45b8da30122b9ec24f4cdc38587f4f0abfa9a522b700c46062926c371af76659133f6ae52a27c0cab3c2c11bc017

  • SSDEEP

    24576:gam4MROxnF4HrrcI0AilFEvxHP5Uaoo1:gOMiaHrrcI0AilFEvxHPa

Score
10/10
orcusdiscoveryratspywarestealer

Malware Config

Extracted

Family

orcus

C2

171.113.133.41:10134

Mutex

01a81235fcb440ecaaedd3af8fc75edd

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      chinese.exe

    • Size

      903KB

    • MD5

      07b9b87f80861417ecc3c39a23cf15c5

    • SHA1

      54c5779d0fd3962bd1f035266230b4171e0985a4

    • SHA256

      1b876b62027101592095ea04b3c9c0d3d851d004d96ca0adfdb075069b1d32b6

    • SHA512

      3e56505e7e226fc134be8123569660e711db45b8da30122b9ec24f4cdc38587f4f0abfa9a522b700c46062926c371af76659133f6ae52a27c0cab3c2c11bc017

    • SSDEEP

      24576:gam4MROxnF4HrrcI0AilFEvxHP5Uaoo1:gOMiaHrrcI0AilFEvxHPa

    Score
    10/10
    orcusdiscoveryratspywarestealer

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

      ratspywarestealerorcus

    • Orcus family

      orcus

    • Orcurs Rat Executable

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks