OrcusRat Administration Tool Free Download

Share on facebook
Share on google
Share on twitter
Share on linkedin
Join Masterscyber Institute Of Technology for free and Paid Courses And Many More Traning Tools transform your career with degrees certificates Take the next step in your career with a world class learning experience Student Free Earning Facilitis Available Hare & Courses Joining for free

OrcusRat is a modular Remote Access Trojan with some unusual functions. This RAT enables attackers to create plugins using a custom development library and offers a robust core feature set that makes it one of the most dangerous malicious programs in its class

Orcusrat has been advertised as a Remote Administration Tool (RAT) since early It has all the features that would be expected from a RAT and probably

OrcusRat Complete Tutorial || Before discussing the details of this RAT family, let’s discuss how Orcus became a commercially sold RAT.

The attack uses multiple advanced evasive techniques to bypass security tools. In a successful attack, the Orcus RAT can steal browser cookies




The individuals behind OrcusRAT are selling the RAT by advertising it as a ‘Remote Administration Tool’ under a supposedly registered business 

OrcusRat is advertised on its homepage as a remote administration tool, behaving similarly to TeamViewer and other applications. Most of these features 

ORCUS RAT is the perfect RAT for everyone. It provides all standard features like Registry Editor, Webcam, Remote Desktop,… (a full list of all features

Cisco Talos recently discovered a threat actor that has been leveraging RevengeRAT and Orcus RAT in various malware distribution campaigns

Researchers have found modified versions of the Orcus and Revenge RATs being delivered through effective phishing campaigns

OrcusRAT is a Remote Access Trojan that is active since 2016. Orcus was developed by a malware author who goes under the name ‘Sorzus’. This RAT has been sold for $40 since April 2016, with the ability to build custom plugins. Orcus RAT is primarily distributed via spear-phishing emails and drive-by-downloads.

Capabilities of Orcus RAT

The Remote Access Trojan’s capabilities include:

  • Keylogging and remote administration
  • Stealing system information and credentials
  • Taking screenshots, recording video from Webcams, recording audio from microphones, and disabling webcam light
  • Executing remote code execution and Denial-of-Service
  • Exploring/editing registry
  • Detecting VMs
  • Reverse Proxying
  • Real Time Scripting
  • Advanced Plugin System




Orcus RAT distributed via decoy Word document

Researchers spotted a malspam campaign distributing Orcus RAT via malicious Microsoft Word documents.

  • The phishing emails included a malicious MS Word document.
  • Upon opening the document, an automatic download of a malicious RTF file is triggered.
  • This RTF file deploys a remote code execution (RCE) exploit (CVE-2017-8759), which drops the Orcus RAT on the victims’ systems.

Orcus RAT targets Bitcoin investors

A phishing campaign disguised as email marketing for new Bitcoin trading bot dubbed ‘Gunbot’ distributed Orcus RAT.

  • Phishing emails sent to the Bitcoin investors in the guise of email marketing for ‘Gunbot’ included a ZIP attachment.
  • The ZIP attachment contained a Visual Basic script disguised as a JPEG image file.
  • The malicious VB script downloads a binary that delivers and executes Orcus RAT.

Tax-themed phishing campaign

In, researchers spotted various tax-related phishing campaigns targeting the US taxpayers with a range of RATs including Orcus RAT, Netwire, and Remcos RAT.

Ramadan-themed Coca-Cola video distributes Orcus RAT

In researchers observed a malware campaign that distributed Orcus RAT inside a Ramadan-themed Upon clicking the video, a series of downloads and processes were triggered, which includes:

  • Searching for and hijacking a process using a User Access Control (UAC) bypass technique
  • Downloading and executing the RAT that comes attached to the video
  • Harvesting data and sending it back to the attackers’ C&C servers



Revenge RAT and Orcus RAT

In a recent malspam campaign, researchers spotted a threat actor distributing two popular remote access trojans to launch attacks against different organizations across various sectors. The targeted sectors include financial services, information technology, consultancies, and government entities.

The malspam emails purported to come from various authorities such as the Better Business Bureau (BBB), Australian Competition & Consumer Commission (ACCC), Ministry of Business Innovation & Employee (MBIE) and other regional agencies.

The emails included ZIP archives that contained malicious batch files responsible for retrieving the malicious PE32 file and dropping Orcus RAT and Revenge RAT onto victims’ systems.

Download OrcusRat Free

ZIP PASSWORD: www.mastescyber.com





Masterscyber Institute Of Technology

Masterscyber Institute Of Technology

Join the skill-based learning programs at MCIT and launch your career in the technology industry Free Courses Available Hare

Sign up for our Website

Free Joining and Signup Today Join Our Institute Special Discount 30% Extra