General

  • Target

    Galaxy_Swapper_v2.exe

  • Size

    4.7MB

  • Sample

    240309-wtm65see33

  • MD5

    1d0c228d384719d8348c7ca2213055dd

  • SHA1

    a994f33dcd502f50c5849075e06f4d0e9867aebd

  • SHA256

    88f12c6fc3de84fd90dbdbbcc877f883d462b6ec5882631412328e89493e759e

  • SHA512

    9d5b16bf855b4971f65f62f54934648ae739171c19b55e14dff665377c70ebf76cb8fdb02b2d02e8cea5c1374667774f670d4c3373cf9cd89532726860e61b6c

  • SSDEEP

    98304:e3JuhFYwXXRYgqatNTOb69GeDluupSUD3G:e0hyqYgRNTOb69GeD4us

Malware Config

Targets

    • Target

      Galaxy_Swapper_v2.exe

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks