orcus | 7ecd8b3a96f79a437837466c772cb384ae4fe1e9ab52b673611dbe55c2fe67a6 | Triage

Submit
Reports

Overview

overview

Static

static

3

m56v9hcw.exe

windows10-ltsc 2021-x64

Sharing

General

Target

m56v9hcw.exe
Size

7.5MB
Sample

250219-p196xs1neq
MD5

2b05de0510522c7ad36572eabc93c268
SHA1

3ecdf3df398138156d82b3706efdfb4318710fe4
SHA256

7ecd8b3a96f79a437837466c772cb384ae4fe1e9ab52b673611dbe55c2fe67a6
SHA512

e26d33bf757ac23427209aba85c2176faa218e43c6882551c6e3001f75424ab68adf6e54acb32e242b321a0ede5e28bf365ab50e4b9873f31c4dd7a6be590050
SSDEEP

196608:pn683kdQkXMCHGLLc54i1wN+DrRRu7NtbFRKnZMZDYhmh1wlxN8:16/TXMCHWUj7rRQ7XbFsn6ZUEWN

Score

10^/10

orcus discovery pyinstaller rat spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

m56v9hcw.exe

Resource

win10ltsc2021-20250217-en

orcus discovery rat spyware stealer

windows10-ltsc 2021-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

orcus

C2

dandev.us.to:10134

Mutex

fb6a52b489b9487e813d904c53c3e426

Attributes

autostart_method
Disable
enable_keylogger
false
install_path
%programfiles%\Orcus\Orcus.exe
reconnect_delay
10000
registry_keyname
Orcus
taskscheduler_taskname
Orcus
watchdog_path
AppData\OrcusWatchdog.exe

Targets

- Target
  
  m56v9hcw.exe
- Size
  
  7.5MB
- MD5
  
  2b05de0510522c7ad36572eabc93c268
- SHA1
  
  3ecdf3df398138156d82b3706efdfb4318710fe4
- SHA256
  
  7ecd8b3a96f79a437837466c772cb384ae4fe1e9ab52b673611dbe55c2fe67a6
- SHA512
  
  e26d33bf757ac23427209aba85c2176faa218e43c6882551c6e3001f75424ab68adf6e54acb32e242b321a0ede5e28bf365ab50e4b9873f31c4dd7a6be590050
- SSDEEP
  
  196608:pn683kdQkXMCHGLLc54i1wN+DrRRu7NtbFRKnZMZDYhmh1wlxN8:16/TXMCHWUj7rRQ7XbFsn6ZUEWN
Score

10^/10

orcus discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus family
  orcus
- Orcus main payload
- Orcurs Rat Executable
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcusdiscoveryratspywarestealer

© 2018-2025

Terms | Privacy