Overview

overview

10

Static

static

10

Bootstrapp...er.exe

macos-10.15-amd64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bootstrapper.zip

  • Size

    594KB

  • MD5

    cba0fd160889e92d2dfe3af3c040eea3

  • SHA1

    aff1fae2b93a6763d4995efc74ee1f9fa4e0cfef

  • SHA256

    363dc45b223fd59f5dfc9ea44a41b912ccd944f6cb317a068cd8247a7d0ffe8f

  • SHA512

    95ecf3e544a0c8bf60dd355e6ccb262e90424da2380b859c5fadd8869329a2ba8ed20e00477191fbc1f147f28a64ef0332e570c9e5519d7af09261a660c0ab80

  • SSDEEP

    12288:gteYk7/iCBlGq0Tt0Fb9NnXqaAQzKgQcFBE/Xaau4oe:jYk7/zg0BNXXicLEboe

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

192.168.0.25:10134

Mutex

a5447eba215c43b98853781f7d6d0b95

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    false

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\Windows

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • Bootstrapper.zip
    .zip
  • Bootstrapper/Solara Bootstrapper.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections