September 6, 2021
Severity
High
Analysis Summary
Orcus, previously distributed under the name Schnorchel, is a Remote Access Trojan (RAT) that has been active for several years. It lets attackers extend the malware with plugins written against a custom development library, and its core feature set makes it one of the most dangerous malicious programs in its class.
Capabilities of Orcus RAT
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from webcams, recording audio from microphones, and disabling the webcam indicator light
- Remote code execution and denial-of-service attacks
- Browsing and editing the Windows registry
- Detecting virtual machines
- Reverse proxying
- Real-time scripting
- Advanced plugin system
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- f90166c9e6198638e08c92f6e7e17cbd
- ecabd9d17bc89b99f740730eb2386e23
SHA-256
- e19858859cd0bca4b86d51ef07d06c19238f5a63f09246adca4359d146496589
- 29193442b685f9f90be45ef20f4f1f4db139c36e46d161beeb6508687bec28cb
SHA-1
- aa23f1af1d4fe4dcf5ba7aaef040f07c8d14d24e
- 275dda1da9cb843f9ace1eac4d457891e0e02c61
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
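The following script is an added example, not part of the Rewterz alert, showing one way to carry out the second remediation step: it walks a directory tree, computes MD5, SHA-1 and SHA-256 for each file in a single read pass, and reports any file whose digest appears in the indicator lists above. The directory to scan and the sample file used for testing are assumptions for illustration; the hash values are the ones published in this alert.

```python
"""Hash-based IOC sweep for the Orcus RAT indicators listed above.

Added example (not Rewterz code). Walks a directory, hashes every regular
file with MD5, SHA-1 and SHA-256 in one pass, and reports files whose digest
matches a listed indicator. The scan root is an assumption passed on the
command line.
"""
import hashlib
import os
import sys
from typing import Dict, List, Set, Tuple

# Indicators copied from the alert above, normalised to lowercase hex.
ORCUS_IOCS: Dict[str, Set[str]] = {
    "md5": {
        "f90166c9e6198638e08c92f6e7e17cbd",
        "ecabd9d17bc89b99f740730eb2386e23",
    },
    "sha1": {
        "aa23f1af1d4fe4dcf5ba7aaef040f07c8d14d24e",
        "275dda1da9cb843f9ace1eac4d457891e0e02c61",
    },
    "sha256": {
        "e19858859cd0bca4b86d51ef07d06c19238f5a63f09246adca4359d146496589",
        "29193442b685f9f90be45ef20f4f1f4db139c36e46d161beeb6508687bec28cb",
    },
}

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large files do not exhaust memory


def hash_file(path: str) -> Dict[str, str]:
    """Return md5/sha1/sha256 hex digests of a file, computed in one read pass."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(CHUNK)
            if not block:
                break
            for h in digests.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in digests.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]]) -> List[str]:
    """Return the algorithm names whose digest for this file is a listed IOC."""
    return [alg for alg, value in digests.items() if value.lower() in iocs.get(alg, set())]


def scan_tree(root: str, iocs: Dict[str, Set[str]] = ORCUS_IOCS) -> List[Tuple[str, List[str]]]:
    """Walk `root` and return (path, matched_algorithms) for every hit.

    Symlinks are skipped to avoid loops and double counting; files that cannot
    be read (permission denied, deleted mid-scan) are skipped rather than
    aborting, since a hunt should cover as much of the tree as it can.
    """
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            matched = match_iocs(digests, iocs)
            if matched:
                hits.append((path, matched))
    return hits


if __name__ == "__main__":
    # Usage: python orcus_ioc_sweep.py /path/to/scan   (path is an assumption)
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, algs in scan_tree(scan_root):
        print(f"MATCH {hit_path} ({', '.join(algs)})")
```

Hash matching only catches the exact samples listed; repacked or recompiled Orcus builds will have different digests, so treat a clean sweep as "these specific files are absent", not as proof the RAT is not present, and pair it with behavioural detections (keylogging, webcam access, reverse-proxy traffic) where your tooling supports them.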