orcus | cc5933a763eeb7221f5580109125046de6e4f81b89b66705548d086f426fa056 | Triage

Sharing

General

Target

cc5933a763eeb7221f5580109125046de6e4f81b89b66705548d086f426fa056
Size

3.0MB
Sample

250211-nx5xcsxmev
MD5

d9d22a1e0d78ef5619038b14443491e5
SHA1

a1951b9da5b34a4238ddf90c4ca09656b1fc643d
SHA256

cc5933a763eeb7221f5580109125046de6e4f81b89b66705548d086f426fa056
SHA512

fe52ef7b8aa669bcee6d5bc7e83f0daaf3667b273c333f6e064e5535ce84c580324468e2b52ef5d09998388cf4105ef36e373f8c795452c14e73f1ebf8be0795
SSDEEP

49152:XgHl3lkZKMw+3tuF8BJU0MwjAypQxb5hoSo9JnCmnWMrxwI0AilFCvxHT:XgF3lzC3sgu0M1ypSb7Zo9JCmn

Score

10^/10

orcus 44 discovery

Malware Config

Extracted

Family

orcus

Botnet

44

C2

127.0.0.1:10134

Mutex

00ac5377a4d84018a0ee445dcd6daa2f

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  cc5933a763eeb7221f5580109125046de6e4f81b89b66705548d086f426fa056
- Size
  
  3.0MB
- MD5
  
  d9d22a1e0d78ef5619038b14443491e5
- SHA1
  
  a1951b9da5b34a4238ddf90c4ca09656b1fc643d
- SHA256
  
  cc5933a763eeb7221f5580109125046de6e4f81b89b66705548d086f426fa056
- SHA512
  
  fe52ef7b8aa669bcee6d5bc7e83f0daaf3667b273c333f6e064e5535ce84c580324468e2b52ef5d09998388cf4105ef36e373f8c795452c14e73f1ebf8be0795
- SSDEEP
  
  49152:XgHl3lkZKMw+3tuF8BJU0MwjAypQxb5hoSo9JnCmnWMrxwI0AilFCvxHT:XgF3lzC3sgu0M1ypSb7Zo9JCmn
Score

8^/10

discovery
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2