Overview

overview

10

Static

static

10

OrcusRAT/o...on.exe

windows10-2004-x64

3

OrcusRAT/o...on.exe

windows10-ltsc 2021-x64

3

OrcusRAT/o...on.exe

windows11-21h2-x64

3

OrcusRAT/s...er.exe

windows10-2004-x64

7

OrcusRAT/s...er.exe

windows10-ltsc 2021-x64

7

OrcusRAT/s...er.exe

windows11-21h2-x64

7

OrcusRAT/s...8a.dll

windows10-2004-x64

1

OrcusRAT/s...8a.dll

windows10-ltsc 2021-x64

1

OrcusRAT/s...8a.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    OrcusRAT.7z

  • Size

    21.6MB

  • Sample

    250310-ryh1rsykw6

  • MD5

    56b267c137ae52bb5bfd01d62e6e9f95

  • SHA1

    dbca02d965c3fb4ee40de6572016a389be2ee2d8

  • SHA256

    3ad5f2990414da79e320ea8f2ded41993adf0e2d0e0eefb11ab085f7e55f320c

  • SHA512

    e0707e843eed02cc54326c85c0caa1b1006569f8f1f8ad45fc39d7504d8bde6e422b746c599a6ae2d78fda941a4d444d343510a2e0eb95a86d5d8c3780f6d286

  • SSDEEP

    393216:rjae0nXzHlO/rpfCn7mm7xABC9l0cEMkEe2hbZ/f:rme0Ec7mixQG0BEeS1/f

Score
10/10
orcusdiscovery

Malware Config

Targets

    • Target

      OrcusRAT/orсus/orсus 9191/Orcus.Administration.exe

    • Size

      4.0MB

    • MD5

      cc3670f1b3e60e00b43c86d787563a44

    • SHA1

      4f1f8908f0ca7dc5ad01c3029206cc8c9d735e09

    • SHA256

      9ca18641bc6b48708e4314b3f8275860aef6b9ea16cd6230d781f0abaa84c853

    • SHA512

      684e584d8f2c6ace168760faacdd6ef44fbb85ec519805046e7d183ccf9faf4eb6764b84326aba0a90223a5b8354c3f9d055cf2297416b4562ca417924da9442

    • SSDEEP

      49152:zB5DkV7F/Al4gU97zCvyRtQ5SH1veaEX6NrGAiAl4:zB5Dk7/Al4gU97zCvyRC5SBeJAl4

    Score
    3/10
    discovery
    behavioral1behavioral2behavioral3

    • Target

      OrcusRAT/server/Orcus.Server.exe

    • Size

      3.2MB

    • MD5

      700a14ba55fb47f9b8a99ffa92267125

    • SHA1

      43ef6ab246ba72d39cd1a72dd83fee68aceba493

    • SHA256

      594f18a0b5b83c1c64c75830f8e9b2bd4d4629c9c5b9c70b3aa5f0f17b22789a

    • SHA512

      c4ab308a65f267edee887085d358df1ddf83e55fa8f3507209cebc5b44e755f17d583956d170e57e6644d70505a175d58a17f1cdaab13ba7431c4185594804b4

    • SSDEEP

      49152:VB+4yPRRGCvw2/986nZGeE9gwPs+vnEoXevXCdJsur8BF0xXIHnqww5VCkkhQIGa:VB+4mRF42/986wgzMEop+OxXIKZExc8

    Score
    7/10
    discovery

    • Loads dropped DLL

    behavioral4behavioral5behavioral6

    • Target

      OrcusRAT/server/data/a94f5f3c-37c5-40dc-a55f-c56b7fdcba8a

    • Size

      1.5MB

    • MD5

      d49bbcf52fe93e9123ca4db9456ea3c5

    • SHA1

      0dc2169eb1ee61315abe432d465c4028ec58d199

    • SHA256

      8b245e0499064d33e7797b88246ad7ade7382f1700b550c8cdf2cf146b2e0b57

    • SHA512

      1ec9116369357886522b07ed587be44cf0f4a2899fddd676d3223567fe07fd40f74bfcd84f656c558b188d3c09ad8054aa2461e4b4e236eb0e551a245539249c

    • SSDEEP

      24576:GrXhagX91MItueGGOUcTdad9mPcOxHXJNFYByiOlq2Wv50KID:IxaPIXo0uZJNFDo2W6KID

    Score
    1/10
    behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks