Severity
High
Analysis Summary
In the past few years Orcus was known as Schnorchel, is a Remote Access Trojan with some odd activity. This RAT enables attackers to create plugins using a custom development library and offers a robust core feature set that makes it one of the most dangerous malicious programs in its class. The ability of Orcus RAT
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Executing remote code execution and Denial-of-Service
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- a5504844b0e2b7b59e08d5c4e8a2dd19
SHA-256
- 389b36c46d4bd5a2227d7dc65230536cb318e71a9c591878e9a6c319665f5917
SHA-1
- 02410748e97bf4cdb611ed480f6bfd70a35c65ce
Remediation
- Block the threat indicators at their respective controls.
- Do not respond to unexpected emails from untrusted email addresses.