Rewterz Threat Alert – Ursnif Banking Trojan – Active IOCs
May 30, 2022
Severity
High
Analysis Summary
Orcus, known in past years as Schnorchel, is a Remote Access Trojan (RAT) with some unusual behaviour. It lets attackers build plugins with a custom development library and offers a robust core feature set that makes it one of the most dangerous malicious programs in its class. Orcus RAT is capable of:
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Remote code execution and Denial-of-Service
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- e311616ffa4b25eb8670fcda8550ab79
- 0d36045d4736dcb17233613ea02706d6
SHA-256
- 821cb7f70a34bb132ebc12b606b5acb8047d12cc1a5fb454a25ef38f038a418f
- a58b81429f7e821e9c80ee22e036bc00e8bd5cecf4ff0ff251008a76ae965d3d
SHA-1
- f6ab59227a48b805a5ce8ff3e0870e18fe2feae1
- 7200404f19316802c25aae7638a59e4cc5efaf46
Remediation
- Block the threat indicators at their respective controls.
- Do not respond to unexpected emails from untrusted email addresses.
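As an added example of the first remediation step (not code from Rewterz or from the advisory), the script below hashes every file under a directory and reports any file whose MD5, SHA-1 or SHA-256 matches one of the indicators listed above. The IOC values are copied from this alert; the directory to scan, the temporary demo directory and the benign sample content are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# IOC hashes copied from the advisory above (Orcus RAT samples).
IOC_MD5 = {
    "e311616ffa4b25eb8670fcda8550ab79",
    "0d36045d4736dcb17233613ea02706d6",
}
IOC_SHA1 = {
    "f6ab59227a48b805a5ce8ff3e0870e18fe2feae1",
    "7200404f19316802c25aae7638a59e4cc5efaf46",
}
IOC_SHA256 = {
    "821cb7f70a34bb132ebc12b606b5acb8047d12cc1a5fb454a25ef38f038a418f",
    "a58b81429f7e821e9c80ee22e036bc00e8bd5cecf4ff0ff251008a76ae965d3d",
}


def file_digests(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in a single streaming pass."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def match_digests(digests):
    """Return the (algorithm, hash) pairs that hit the IOC sets; case-insensitive."""
    hits = []
    for algo, ioc_set in (("md5", IOC_MD5), ("sha1", IOC_SHA1), ("sha256", IOC_SHA256)):
        value = digests.get(algo, "").lower()
        if value in ioc_set:
            hits.append((algo, value))
    return hits


def scan_tree(root):
    """Walk a directory tree and map each matching file path to its IOC hits."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                hits = match_digests(file_digests(path))
            except OSError:
                continue  # unreadable or vanished file: skip, do not abort the scan
            if hits:
                findings[path] = hits
    return findings


def demo_scan():
    """Constructed demo: scan a temp dir holding an empty file and a benign file.

    Returns the MD5 of the empty file (a known constant) and the scan findings,
    which should be empty because neither file is an Orcus sample.
    """
    with tempfile.TemporaryDirectory() as tmp:
        empty = os.path.join(tmp, "empty.bin")
        open(empty, "wb").close()
        with open(os.path.join(tmp, "benign.bin"), "wb") as f:
            f.write(b"constructed benign sample, not malware")
        return file_digests(empty)["md5"], scan_tree(tmp)


if __name__ == "__main__":
    # Assumed scan root; point this at the directory you want to check.
    print(scan_tree("."))
    print(demo_scan())
```

Because hashes are exact-match indicators, a recompiled or repacked sample will not hit this list; treat a miss as "not one of these two samples", not as a clean bill of health, and feed the same IOCs to your EDR or mail gateway where they can block rather than merely report.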