orcus | b3d7c8a2a2c7d51bf90a1924ab6b0d3e1b204af05e8c1adb5a3e803b98b8704d | Triage

Sharing

General

Target

b3d7c8a2a2c7d51bf90a1924ab6b0d3e1b204af05e8c1adb5a3e803b98b8704d
Size

3.4MB
Sample

250201-bgw83aspfp
MD5

f2c58894de1eb8486edc2520de080c74
SHA1

914d606bb7cb101beab92ecfdacd3782e28cce71
SHA256

b3d7c8a2a2c7d51bf90a1924ab6b0d3e1b204af05e8c1adb5a3e803b98b8704d
SHA512

2e14c5411a19a692c65e057aaadc81043c6efae70f36777feea221e17e637e17f97e9b89b797a9b8e37d5096f5d5f4ba0549d5176e94adb92b2a43fec9c0510d
SSDEEP

98304:VBo8II1RTVQhfkOBzI1BIoA4FOjfU2TE6fqWq3q:VxII1RTVQhfkSEkH4FmMWqWq3q

Score

10^/10

orcus defense_evasion discovery execution rat

Malware Config

Extracted

Family

orcus

Targets

- Target
  
  b3d7c8a2a2c7d51bf90a1924ab6b0d3e1b204af05e8c1adb5a3e803b98b8704d
- Size
  
  3.4MB
- MD5
  
  f2c58894de1eb8486edc2520de080c74
- SHA1
  
  914d606bb7cb101beab92ecfdacd3782e28cce71
- SHA256
  
  b3d7c8a2a2c7d51bf90a1924ab6b0d3e1b204af05e8c1adb5a3e803b98b8704d
- SHA512
  
  2e14c5411a19a692c65e057aaadc81043c6efae70f36777feea221e17e637e17f97e9b89b797a9b8e37d5096f5d5f4ba0549d5176e94adb92b2a43fec9c0510d
- SSDEEP
  
  98304:VBo8II1RTVQhfkOBzI1BIoA4FOjfU2TE6fqWq3q:VxII1RTVQhfkSEkH4FmMWqWq3q
Score

8^/10

discovery defense_evasion execution
- Stops running service(s)
  defense_evasion execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryexecution