Rewterz Threat Alert – Orcus RAT – Active IOCs
September 29, 2021
Severity
Medium
Analysis Summary
Orcus RAT, originally sold under the name Schnorchel, is a Remote Access Trojan that has been in active use for the past few years. It lets operators write their own plugins against a custom development library and ships with a robust core feature set, which makes it one of the more dangerous malicious programs in its class.
Capabilities of Orcus RAT
- Keylogging and remote administration
- Stealing system information and credentials
- Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
- Remote code execution and launching Denial-of-Service attacks from the infected host
- Exploring/editing registry
- Detecting VMs
- Reverse Proxying
- Real-Time Scripting
- Advanced Plugin System
Impact
- Credential Theft
- Financial Loss
Indicators of Compromise
MD5
- 857a1cd1e64ce81bf57b85d154db5291
- 4a32572abc1eac38797f674e28899b20
SHA-256
- 898d1732911c458363da98639e408ae9db60c6f13708cfda9b654b163812915e
- c6e0f429ee65b9d3ba84515435632bf2faaaf887d2abe5d0b141f92a19349c93
SHA-1
- 192fa9b249b667cbbba9d737cad77f46addebb0f
- 79ccb2b476254c5f7a4f19bfdb5e116ff9a7b742
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
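As an added worked example (this is not Rewterz's code), the following Python script does the "search for IOCs in your environment" step for the file-hash indicators above: it walks a directory tree, computes MD5, SHA-1 and SHA-256 in one pass per file, and reports any file whose digest appears in the alert's IOC set. The six hashes are copied from the list above; the directory layout, the chunk size and the exit-code convention are this example's own choices.

```python
import hashlib
import os
import sys
from typing import Dict, Iterator, List, Tuple

# Hashes copied from the Indicators of Compromise section of this alert.
IOC_HASHES: Dict[str, set] = {
    "md5": {
        "857a1cd1e64ce81bf57b85d154db5291",
        "4a32572abc1eac38797f674e28899b20",
    },
    "sha1": {
        "192fa9b249b667cbbba9d737cad77f46addebb0f",
        "79ccb2b476254c5f7a4f19bfdb5e116ff9a7b742",
    },
    "sha256": {
        "898d1732911c458363da98639e408ae9db60c6f13708cfda9b654b163812915e",
        "c6e0f429ee65b9d3ba84515435632bf2faaaf887d2abe5d0b141f92a19349c93",
    },
}

CHUNK = 1 << 20  # 1 MiB reads (example choice) so large binaries never need to fit in memory


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Lowercase hex MD5, SHA-1 and SHA-256 of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> Dict[str, str]:
    """Compute all three digests in a single pass over the file."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every (algorithm, digest) pair found in the IOC set.

    Comparison is case-insensitive because feeds and tools disagree on hex case.
    """
    hits = []
    for algo, value in digests.items():
        if value.lower() in IOC_HASHES.get(algo, set()):
            hits.append((algo, value.lower()))
    return hits


def scan_directory(root: str) -> Iterator[Tuple[str, str, str]]:
    """Walk `root` and yield (path, algorithm, digest) for each file matching an IOC.

    Symlinks are skipped so the sweep cannot loop, and files that cannot be read
    (permissions, vanished temp files) are skipped instead of aborting the whole run.
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digests = hash_file(path)
            except OSError:
                continue
            for algo, value in match_hashes(digests):
                yield path, algo, value


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = False
    for path, algo, value in scan_directory(target):
        found = True
        print(f"MATCH {algo} {value} {path}")
    sys.exit(1 if found else 0)
```

Run it as `python scan.py /path/to/sweep`; a non-zero exit means at least one file matched. Keep in mind that hash indicators are brittle: a rebuilt or re-packed Orcus dropper will not share any of these digests, so a clean hash sweep is not proof of absence, and behavioural signs (an unexpected process opening the webcam or microphone, a listening reverse proxy port, a persistent registry run key) should be hunted alongside the hashes.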