General

  • Target

    Orcus RAT 1.9.1.zip

  • Size

    22.7MB

  • Sample

    250328-a3r1ssslt5

  • MD5

    16d89509da82189fed1a8a2649d2a168

  • SHA1

    fd8d57cae1952adf0e70d40e57802fb70b9aac3c

  • SHA256

    7753de049d1607a1a5f9686b1d41a6093c7f163742edd9d71e47e76523a3d2f8

  • SHA512

    ec9c7485123183731385bcfc0a247d400588d310a6ec981123fa2e883073ef7b8f1d5f835e31a995b1c010ebea4a6e882038f8e341d6bbc9676952c0dd96d03c

  • SSDEEP

    393216:7zO42vwWQW21/wnn//z8AzU6JvPSBQVEjRoG55998AEuFfIReyDAEjR4:vz2gbgX7/jq1oG5L98AvnM14
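
Before relying on these identifiers, confirm that a local copy of the archive actually produces them. The script below is an added example, not part of the sandbox report: it recomputes MD5, SHA1, SHA256 and SHA512 in one streaming pass (the 22.7MB zip is never read into memory whole) and reports any digest that differs from the values listed above. SSDEEP is left out because it needs the third-party python-ssdeep module, and the file name `Orcus RAT 1.9.1.zip` is only an assumed local path.

```python
"""
Added example (not part of the sandbox report): recompute the report's
digests over a local copy of the sample and compare them, so you know the
file you are about to analyse is the one the report describes.
"""
import hashlib
import io
import sys
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report's General section.
REPORTED = {
    "md5": "16d89509da82189fed1a8a2649d2a168",
    "sha1": "fd8d57cae1952adf0e70d40e57802fb70b9aac3c",
    "sha256": "7753de049d1607a1a5f9686b1d41a6093c7f163742edd9d71e47e76523a3d2f8",
    "sha512": (
        "ec9c7485123183731385bcfc0a247d400588d310a6ec981123fa2e883073ef7b"
        "8f1d5f835e31a995b1c010ebea4a6e882038f8e341d6bbc9676952c0dd96d03c"
    ),
}


def hash_stream(stream, chunk_size: int = 1 << 20) -> dict:
    """Feed the stream through all four hashers in a single pass of 1 MiB chunks."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while chunk := stream.read(chunk_size):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path) -> dict:
    """Hash a file on disk without loading it whole."""
    with open(path, "rb") as f:
        return hash_stream(f)


def compare(actual: dict, expected: dict) -> dict:
    """Return {algo: (expected, actual)} for every mismatch; empty dict means the file matches.

    Comparison is case-insensitive because reports and tools disagree on hex case.
    """
    return {
        algo: (want, actual.get(algo))
        for algo, want in expected.items()
        if actual.get(algo) != want.lower()
    }


if __name__ == "__main__":
    # Assumed local filename; pass another path on the command line.
    target = Path(sys.argv[1] if len(sys.argv) > 1 else "Orcus RAT 1.9.1.zip")
    if not target.is_file():
        sys.exit(f"no such file: {target}")
    mismatches = compare(hash_file(target), REPORTED)
    if not mismatches:
        print(f"{target}: all digests match the report")
    else:
        for algo, (want, got) in mismatches.items():
            print(f"{algo}: report {want}\n{' ' * len(algo)}  file   {got}")
        sys.exit(1)
```

If any digest differs, treat the file as a different sample: a re-zipped or re-downloaded archive will have new hashes even when the contents are the same RAT build.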

Malware Config

Targets

    • Target

      Orcus RAT 1.9.1.zip

    • Orcus

      Orcus is a Remote Access Trojan that is being sold on underground forums.

    • Orcus family

    • Orcurs Rat Executable

    • Checks computer location settings

      Reads the country/region code the user has configured in the registry (under HKCU\Control Panel\International\Geo), a common geofence check: the sample decides whether to run based on where the machine claims to be, so it may stay dormant in a sandbox whose locale does not match its target.

    • Executes dropped EXE

    • Loads dropped DLL
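
The location check above is worth pulling out of a sandbox's registry trace on its own, because a sample that reads the configured region before doing anything else is usually deciding whether to run at all. The following is an added example, not tria.ge output and not Orcus code: it scans a constructed JSON-lines registry log (the field names `pid`, `image`, `op`, `path` and the process name `sample.exe` are assumptions, not the sandbox's export format) for reads of the values Windows uses to store the user's region, and drops hits from processes that read them legitimately.

```python
"""
Added example (not part of the sandbox report): flag registry reads that
match the 'Checks computer location settings' behaviour.

Windows stores the user's configured country/region under
HKCU\Control Panel\International\Geo: 'Nation' is a numeric GEOID and
'Name' the ISO 3166 code on newer builds. A geofencing sample queries one
of these (directly or via GetUserGeoID) before deciding whether to run.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# Values a geofence check typically reads. Assumption: illustrative list,
# not the sandbox's own signature definition.
GEO_VALUE_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\(Nation|Name)|LocaleName)$",
    re.IGNORECASE,
)

# Processes that read these values constantly during normal operation;
# a hit from them alone is noise, not a geofence.
BENIGN_READERS = {"explorer.exe", "svchost.exe", "searchindexer.exe"}

# Constructed sample log (not real sandbox output). Each line is one
# registry event; JSON doubles the backslashes.
SAMPLE_LOG = r"""
{"pid": 4120, "image": "sample.exe", "op": "RegOpenKey", "path": "HKCU\\Control Panel\\International\\Geo"}
{"pid": 4120, "image": "sample.exe", "op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation", "value": "244"}
{"pid": 1296, "image": "explorer.exe", "op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation", "value": "244"}
{"pid": 4120, "image": "sample.exe", "op": "RegQueryValue", "path": "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName"}
not json at all
"""


@dataclass(frozen=True)
class GeoRead:
    pid: int
    image: str
    path: str


def parse_events(log_text: str):
    """Yield one dict per well-formed JSON line; silently skip anything else."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def find_geo_reads(log_text: str) -> list[GeoRead]:
    """Return value *reads* (not key opens) of the region settings by non-benign processes."""
    hits: list[GeoRead] = []
    for ev in parse_events(log_text):
        if ev.get("op") not in {"RegQueryValue", "RegQueryValueEx"}:
            continue
        path = ev.get("path", "")
        if not GEO_VALUE_RE.search(path):
            continue
        image = str(ev.get("image", "")).lower()
        if image in BENIGN_READERS:
            continue
        hits.append(GeoRead(pid=int(ev["pid"]), image=image, path=path))
    return hits


if __name__ == "__main__":
    for hit in find_geo_reads(SAMPLE_LOG):
        print(f"pid {hit.pid} ({hit.image}) read {hit.path}")
```

Only the value read by `sample.exe` survives: the key open is not a read, the explorer.exe read is on the allow-list, and the ProductName read does not touch the region settings. When triaging a real trace, also note what the sample does right after the read; a process exit or an idle loop immediately afterwards is the geofence firing.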

MITRE ATT&CK Enterprise v15

Tasks