Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Orcus swapper.exe

windows10-ltsc 2021-x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Orcus swapper.exe

  • Size

    901KB

  • Sample

    250201-cetwla1la1

  • MD5

    c1550485609b58f6c391723124e44983

  • SHA1

    a8f215ac5ab3c38639d2b79e871ba470b5184528

  • SHA256

    2440ed39a2aa011fde6337c3cb2b9cc6554a16318fce7180adc8c18d7076f3ae

  • SHA512

    e6cb0f54f0695e58e8e34eb9e13be2ab759bf12390ba1567afb790094f968a1ddd83e35981c6c80ef41ba2ebbf14ff134efe023a5049b989777476cf8ad08e98

  • SSDEEP

    12288:XTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBG:zqI4MROxnFMLqrZlI0AilFEvxHiTL

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

thursday-ultram.gl.at.ply.gg:43140

Mutex

83da8ce021af464fa24cc00b09ce1f30

Attributes
  • autostart_method

    Disable

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Targets

    • Target

      Orcus swapper.exe

    • Size

      901KB

    • MD5

      c1550485609b58f6c391723124e44983

    • SHA1

      a8f215ac5ab3c38639d2b79e871ba470b5184528

    • SHA256

      2440ed39a2aa011fde6337c3cb2b9cc6554a16318fce7180adc8c18d7076f3ae

    • SHA512

      e6cb0f54f0695e58e8e34eb9e13be2ab759bf12390ba1567afb790094f968a1ddd83e35981c6c80ef41ba2ebbf14ff134efe023a5049b989777476cf8ad08e98

    • SSDEEP

      12288:XTUZ/Y95eo6L4ce7dG1lFlWcYT70pxnnaaoawZRVcTqSA+9rZNrI0AilFEvxHvBG:zqI4MROxnFMLqrZlI0AilFEvxHiTL

    Score
    6/10

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Matrix

Tasks