September 14, 2021
Severity
High
Analysis Summary
Orcus, formerly known as Schnorchel, is a Remote Access Trojan with some unusual capabilities. This RAT enables attackers to create plugins using a custom development library and offers a robust core feature set that makes it one of the most dangerous malicious programs in its class.
Capabilities of Orcus RAT
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from webcams, recording audio from microphones, and disabling the webcam light
- Remote code execution and denial-of-service attacks
- Exploring and editing the registry
- Detecting virtual machines
- Reverse proxying
- Real-time scripting
- Advanced plugin system
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- 857a1cd1e64ce81bf57b85d154db5291
- 26cca30a6a0865c7359b65cd0a2d8971
- 43c5cbb83346b8a037a82290d3cace90
- a066492ca22f4eb2b9b719c6ef30b1f6
SHA-256
- 898d1732911c458363da98639e408ae9db60c6f13708cfda9b654b163812915e
- cab62a04964719ef8f05eceb190ba0d30e540c02e41ae9070b5b03a27d00261d
- 06054f5176ddd76abe4e0be989523cd4948aac1abb7e809e0fff67ca02239a0f
- 57419c6ac792a87193d21df5c883cdf015fcae99353aeb50e60ff26311378665
SHA-1
- 192fa9b249b667cbbba9d737cad77f46addebb0f
- 7e3d79c8c7e185dd57ee0349572b966212ad28b7
- c724be0c07c85fd7201c186188ba408da9810588
- c480347b0c77ec6bc4e147c5d79ba6555439491f
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
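The remediation step "search for IOCs in your environment" is, in practice, a file-hash sweep against the MD5, SHA-1 and SHA-256 values listed above. The script below is an added example, not Rewterz tooling and not part of the original alert: it loads the alert's hashes into a lookup set, hashes every file under a directory tree with all three algorithms in a single read, and reports any file whose digest appears in the IOC list. It assumes read access to the scanned tree and skips files it cannot open rather than aborting the sweep.

```python
import hashlib
import os
import sys

# IOC hashes copied from the alert above, keyed by algorithm and lowercased so
# matching is case-insensitive regardless of how a tool prints digests.
IOC_HASHES = {
    "md5": {
        "857a1cd1e64ce81bf57b85d154db5291",
        "26cca30a6a0865c7359b65cd0a2d8971",
        "43c5cbb83346b8a037a82290d3cace90",
        "a066492ca22f4eb2b9b719c6ef30b1f6",
    },
    "sha1": {
        "192fa9b249b667cbbba9d737cad77f46addebb0f",
        "7e3d79c8c7e185dd57ee0349572b966212ad28b7",
        "c724be0c07c85fd7201c186188ba408da9810588",
        "c480347b0c77ec6bc4e147c5d79ba6555439491f",
    },
    "sha256": {
        "898d1732911c458363da98639e408ae9db60c6f13708cfda9b654b163812915e",
        "cab62a04964719ef8f05eceb190ba0d30e540c02e41ae9070b5b03a27d00261d",
        "06054f5176ddd76abe4e0be989523cd4948aac1abb7e809e0fff67ca02239a0f",
        "57419c6ac792a87193d21df5c883cdf015fcae99353aeb50e60ff26311378665",
    },
}


def _new_digests():
    """One hasher per algorithm the alert publishes, so a file is read once."""
    return {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}


def hash_bytes(data):
    """Return {algorithm: hex digest} for an in-memory byte string."""
    hashers = _new_digests()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Return {algorithm: hex digest} for a file, streaming it in 1 MiB chunks."""
    hashers = _new_digests()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=IOC_HASHES):
    """Return [(algorithm, digest)] for every digest present in the IOC set."""
    return [
        (alg, d.lower())
        for alg, d in digests.items()
        if d.lower() in iocs.get(alg, set())
    ]


def scan_tree(root, iocs=IOC_HASHES):
    """Walk a directory tree; return {path: [(algorithm, digest), ...]} for hits."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                # Locked, unreadable or vanished file: skip it, keep sweeping.
                continue
            matches = match_iocs(digests, iocs)
            if matches:
                hits[path] = matches
    return hits


if __name__ == "__main__":
    # Usage: python ioc_sweep.py /path/to/scan  (defaults to the current directory)
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, hit_matches in scan_tree(scan_root).items():
        for alg, digest in hit_matches:
            print(f"HIT\t{hit_path}\t{alg}={digest}")
```

A hit on any one algorithm is enough to flag a file; matching all three is not required, since a single published hash is a sufficient indicator. Extending the sweep across a fleet is a matter of running it on each host and collecting the printed HIT lines centrally.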