orcus | 0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b | Triage

Submit
Reports

Overview

overview

Static

static

5

0f3e8ee95f...5b.exe

windows7-x64

0f3e8ee95f...5b.exe

windows10-2004-x64

Sharing

General

Target

0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b
Size

2.7MB
Sample

250311-yjvvcasnv2
MD5

28be9d2f6d77d4c7d10724d4f3545b78
SHA1

7c846af9a898034774107a687bb76e9d4253e6eb
SHA256

0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b
SHA512

59e19a541d63db0c353eaa314914144ec8be310afab8883f5546ab92426ee73044ca5378c02a7434428252e62fed256ec98b87787b81e3fcee2c951f224921e8
SSDEEP

24576:HAHnh+eWsN3skA4RV1Hom2KXMmHaf6dKYwjtOFK3EBgLrlNuErLo5i8144OTu6a1:6h+ZkldoPK8YaSXh

Score

10^/10

orcus w1nd3f discovery rat spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b.exe

Resource

win7-20250207-en

orcus w1nd3f discovery rat spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b.exe

Resource

win10v2004-20250217-en

orcus w1nd3f discovery rat spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

orcus

Botnet

W1ND3F

C2

orcus.airdns.org:2172

Mutex

W1ND3F2238799525ef4ef7b3a20ac12f2d076b

Attributes

autostart_method
Registry
enable_keylogger
true
install_path
%appdata%\HD Audio Driver\Version\4.201\Devices\HD Audio Driver Update.exe
reconnect_delay
10000
registry_keyname
HD Audio Driver Update
taskscheduler_taskname
HD Audio Driver Updater
watchdog_path
AppData\HD Audio Driver Sync.exe

Targets

- Target
  
  0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b
- Size
  
  2.7MB
- MD5
  
  28be9d2f6d77d4c7d10724d4f3545b78
- SHA1
  
  7c846af9a898034774107a687bb76e9d4253e6eb
- SHA256
  
  0f3e8ee95fa2cc328a2c42642a6eb514132b925ab1e22a1db792f4d717c73f5b
- SHA512
  
  59e19a541d63db0c353eaa314914144ec8be310afab8883f5546ab92426ee73044ca5378c02a7434428252e62fed256ec98b87787b81e3fcee2c951f224921e8
- SSDEEP
  
  24576:HAHnh+eWsN3skA4RV1Hom2KXMmHaf6dKYwjtOFK3EBgLrlNuErLo5i8144OTu6a1:6h+ZkldoPK8YaSXh
Score

10^/10

orcus w1nd3f discovery rat spyware stealer
- Orcus
  Orcus is a Remote Access Trojan that is being sold on underground forums.
  rat spyware stealer orcus
- Orcus family
  orcus
- Orcurs Rat Executable
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

orcusw1nd3fdiscoveryratspywarestealer

behavioral2

orcusw1nd3fdiscoveryratspywarestealer

© 2018-2025

Terms | Privacy