June 17, 2022
Severity
High
Analysis Summary
Orcus, formerly known as Schnorchel, is a Remote Access Trojan (RAT) that has been active for the past few years. This RAT lets attackers write their own plugins against a custom development library and ships with a robust core feature set, which makes it one of the most dangerous malicious programs in its class. Capabilities of Orcus RAT include:
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Remote code execution and Denial-of-Service
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Government entities, financial services organizations, information technology service providers, and consultancies are the main target sectors of Orcus RAT.
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- a3a4ea359917b60700350593b8a33854
- 6e2c8c1abdbc063459bde994e2c47df5
- cff129bdeb73710aa1151617786751f9
SHA-256
- e543dcb7962c48ec94197ff23b2bcaf77a9ad81511f3bab48192ba90d1d42a4f
- cac02eeb29eae48d7e98e67f212efec9807e59595fc297d9c719a71677d4de45
- 98e48ef72c334a5989b210a82403030fbb3ba43896ceef3709349389ff7d11c0
SHA-1
- c613e8007e110e5b7888e2a95e3fe3854666c15f
- 7ad6f5cee8e1eed4d0bb67d7b77436d91fa962af
- d9786a9eeceb425ffd6274a2c329b9e6e29e15c4
Remediation
- Block the threat indicators at their respective controls.
- Do not respond to unexpected emails from untrusted email addresses.
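As an added example (not part of the Rewterz alert), the script below turns the IOC block above into a local check: it parses the MD5, SHA-1 and SHA-256 lists, hashes files in a single pass, and reports any file whose digest matches. Only the hash values come from the alert; the function names, the streaming chunk size and the benign test file are assumptions of this example.

```python
"""Match file hashes against the Orcus RAT IOC list from the alert above."""
import hashlib
import re
import sys
from pathlib import Path
from typing import Dict, Iterable, List, Set

# IOC block copied verbatim from the alert; parse_iocs() reads the same
# "heading, then '- <hash>' lines" layout, so another alert can be pasted in.
ALERT_IOCS = """
MD5
- a3a4ea359917b60700350593b8a33854
- 6e2c8c1abdbc063459bde994e2c47df5
- cff129bdeb73710aa1151617786751f9
SHA-256
- e543dcb7962c48ec94197ff23b2bcaf77a9ad81511f3bab48192ba90d1d42a4f
- cac02eeb29eae48d7e98e67f212efec9807e59595fc297d9c719a71677d4de45
- 98e48ef72c334a5989b210a82403030fbb3ba43896ceef3709349389ff7d11c0
SHA-1
- c613e8007e110e5b7888e2a95e3fe3854666c15f
- 7ad6f5cee8e1eed4d0bb67d7b77436d91fa962af
- d9786a9eeceb425ffd6274a2c329b9e6e29e15c4
"""

# The hex digest length identifies the algorithm regardless of the heading a
# hash sits under, which also tolerates mislabelled or reordered IOC lists.
_ALGO_BY_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def parse_iocs(text: str) -> Dict[str, Set[str]]:
    """Collect '- <hex>' lines into lowercase sets keyed by algorithm name."""
    iocs: Dict[str, Set[str]] = {"md5": set(), "sha1": set(), "sha256": set()}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("-"):
            continue  # headings and blank lines are not indicators
        value = line.lstrip("-").strip()
        algo = _ALGO_BY_LEN.get(len(value))
        if algo and _HEX_RE.match(value):
            iocs[algo].add(value.lower())
    return iocs


def digest_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute md5, sha1 and sha256 of a file in one streaming pass."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]]) -> List[str]:
    """Return the algorithm names whose digest appears in the IOC sets."""
    return [algo for algo in ("md5", "sha1", "sha256")
            if digests.get(algo, "").lower() in iocs[algo]]


def scan_paths(paths: Iterable[Path], iocs: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Hash every regular file under the given paths; report those matching an IOC."""
    hits: Dict[str, List[str]] = {}
    for root in paths:
        if root.is_file():
            candidates: Iterable[Path] = [root]
        elif root.is_dir():
            candidates = root.rglob("*")
        else:
            continue  # missing path: nothing to scan
        for p in candidates:
            if not p.is_file():
                continue
            try:
                matched = match_iocs(digest_file(p), iocs)
            except OSError:
                continue  # unreadable or vanished file: skip it, do not abort the scan
            if matched:
                hits[str(p)] = matched
    return hits


if __name__ == "__main__":
    # Usage: python orcus_ioc_scan.py <file-or-directory> ...  (exit 1 on any hit)
    found = scan_paths([Path(a) for a in sys.argv[1:]], parse_iocs(ALERT_IOCS))
    for path, algos in found.items():
        print(f"IOC match ({', '.join(algos)}): {path}")
    sys.exit(1 if found else 0)
```

Matching is done on all three digests rather than SHA-256 alone because alerts of this kind do not always list every algorithm for every sample; a file that matches on any one of them is reported, and the non-zero exit status lets the script gate a scheduled job or a ticketing hook.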