General

  • Target: BubbleGum.exe
  • Size: 913KB
  • MD5: 748d9e7dded0fe4061365ef179edf7c2
  • SHA1: 424e254d2994cc84e9fe25cfa4fa70e0525962f0
  • SHA256: 8e95e23ae63cb61ab1ccf577a9fdfc954a86909e0b56ffedba4991ceed2841f1
  • SHA512: bbe3dd8e067c09e783410a230f1abf515e050ee6c88d9b3d6c25a7dda864d3fb94c1fab94ab315393330ec1d645af08571ebc2f8bff5f9db01d5e0e4f5d0ab9e
  • SSDEEP: 24576:X0M4MROxnFNFPurerrcI0AilFEvxHPZPooI:XuMieerrcI0AilFEvxHP

Score
10/10

Malware Config

Extracted

  • Family: orcus
  • C2: 192.168.1.78:10134
  • Mutex: c29f10c39b8e4ad0bdd582b0231f4e4e

Attributes

  • autostart_method: TaskScheduler
  • enable_keylogger: false
  • install_path: %programfiles%\Orcus\Orcus.exe
  • reconnect_delay: 10000
  • registry_keyname: Orcus
  • taskscheduler_taskname: Orcus
  • watchdog_path: AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • BubbleGum.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744