Rewterz

Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs

May 30, 2022
Rewterz

Rewterz Threat Alert – APT32 Ocean Lotus – Active IOCs

May 30, 2022

Rewterz Threat Alert – Orcus RAT – Active IOCs

Severity

High

Analysis Summary

In the past few years Orcus was known as Schnorchel, is a Remote Access Trojan with some odd activity. This RAT enables attackers to create plugins using a custom development library and offers a robust core feature set that makes it one of the most dangerous malicious programs in its class. The ability of Orcus RAT 

  • Keylogging and remote administration 
  • Stealing system information and credentials 
  • Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light 
  • Executing remote code execution and Denial-of-Service 
  • Exploring/editing registry 
  • Detecting VMs 
  • Reverse Proxying 
  • Real-Time Scripting 
  • Advanced Plugin System

Impact

  • Credential Theft
  • Financial Loss

Indicators of Compromise

MD5

  • e311616ffa4b25eb8670fcda8550ab79
  • 0d36045d4736dcb17233613ea02706d6

SHA-256

  • 821cb7f70a34bb132ebc12b606b5acb8047d12cc1a5fb454a25ef38f038a418f
  • a58b81429f7e821e9c80ee22e036bc00e8bd5cecf4ff0ff251008a76ae965d3d

SHA-1

  • f6ab59227a48b805a5ce8ff3e0870e18fe2feae1
  • 7200404f19316802c25aae7638a59e4cc5efaf46

Remediation

  • Block the threat indicators at their respective controls.
  • Do not respond to unexpected emails from untrusted email addresses.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.