Resubmissions

19/02/2024, 19:59  240219-yqkyqacf77  score 8
19/02/2024, 19:55  240219-ym9snscf33  score 6
19/02/2024, 19:50  240219-ykmv5abh81  score 6
19/02/2024, 19:39  240219-ydaxzscd25  score 8

General

  • Target

    Galaxy Swapper.msi

  • Size

    4.5MB

  • Sample

    240219-yqkyqacf77

  • MD5

    b63bd820a14d8acfbda0eedd7a884268

  • SHA1

    207cbda7e194c02e076984b3ee8edde9475ae426

  • SHA256

    bc7cacf8352f528b20702cd768f57927f7b4c5b697f61942a8574eee9a7de050

  • SHA512

    c632b2a211f8a3e121c927e83a280db4a871d57764557d4b30e3a343ee018fac91a1d5eb9d53d5b61277fe8930c52850981de6fad104522c3e8afc33932999be

  • SSDEEP

    49152:I9ReWK9YwPhH9D+05jvLHd3P9zmH5HhvRaleHBG5q7vG6f4dCItiGS5oW8XlT45N:KmD+ypP0qlehb+Wai0V4BP

Score
8/10

Targets

    • Target

      Galaxy Swapper.msi

    • Blocklisted process makes network request

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops file in System32 directory