Backdoor.Orcus

By GoldSparrow in Backdoors

Threat Scorecard

Ranking: 3,988
Threat Level: 60 % (Medium)
Infected Computers: 3,846
First Seen: July 6, 2016
Last Seen: September 19, 2023
OS(es) Affected: Windows

Backdoor.MoSucker (also known as Backdoor.Orcus) is a generic Trojan that threat actors deliver to users via exploit kits and spam emails. The Trojan offers the same capabilities found in remote access tools like TeamViewer and LogMeIn, plus added functionality. Threat actors can use Backdoor.MoSucker to kill, run and modify processes on the infected system, and to move, rename and delete files on the local disk. The Trojan can log the user's activity and change the desktop background image. It can also be instructed to show message boxes, change date and time properties, restart the PC and modify the Windows Registry.

The Backdoor.MoSucker Trojan is configured to maintain a constant connection to its 'Command and Control' servers for as long as the infected machine is turned on. Compromised users may notice strange mouse cursor movements and keyboard input that does not match their own commands. Backdoor.MoSucker can restrict the user's ability to issue commands to the compromised system and turn the device into a proxy for a remote user. Infected machines may be used to hide the network traffic of threat actors and even to execute DDoS (Distributed Denial of Service) attacks. It is advised to remove the Backdoor.MoSucker Trojan in offline mode using a trusted anti-malware scanner.

Detection names for Backdoor.MoSucker by AVs:

BKDR_MOSUCK.A
BackDoor.Mosu
Backdoor.Generic.180860
Backdoor.Win32.MoSucker.dd!IK
Backdoor.Win32.Mocbot.bn
Heuristic.LooksLike.Win32.Spypro.B
Packer.Morphine.Gen (v)
TR/Crypt.Morphine.Gen
TrojWare.Win32.PkdMorphine.~AN
W32/Troj_Obfusc.Z.gen!Eldorado
Win-Trojan/Mosucker.75506
Win32:MoSucker-N [Trj]

File System Details

Backdoor.Orcus may create the following file(s):
# | File Name | MD5 | Detections
1. | file.exe | 956098914ea294ef80ed87da2dae7eda | 0

Registry Details

Backdoor.Orcus may create the following registry entry or registry entries:
Regexp file mask
%APPDATA%\.orcusInstallation
%APPDATA%\Orcus\Microsoft\DriverManager.exe
%WinDir%\System32\Tasks\Orcus Respawner

Directories

Backdoor.Orcus may create the following directory or directories:

%APPDATA%\Orcus
%PROGRAMFILES%\os
%PROGRAMFILES(x86)%\os
