ed417a65ec07d0e7e0b487730a095b1933a8498c5c05b1f44c4442619cb3f508 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

GalSwapperV1.3.exe

windows10-1703-x64

8

Sharing

General

Target

GalSwapperV1.3.EXE
Size

54.8MB
Sample

240508-mh9rbsfh9y
MD5

1cc49dc1016179affa0db967ab9a66ff
SHA1

61048c1d34262fdd8e9178ac3797235bcfe16d45
SHA256

ed417a65ec07d0e7e0b487730a095b1933a8498c5c05b1f44c4442619cb3f508
SHA512

f758532e1308888dc822885d9c5dd890932786a4d873debceeae2c2e705b0d607c546691475653f77dd3532d07a8bfc55edf0757e00451d3685fd522b4a769ee
SSDEEP

1572864:x/cBu+I3Hq4Ww2Jf70sfPFoaY04qJG+RhZAUsiYDvk:xf0JfVS+Rfu

Score

8^/10

evasion execution persistence pyinstaller upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

GalSwapperV1.3.exe

Resource

win10-20240404-en

evasion execution persistence pyinstaller upx

windows10-1703-x64

20 signatures

300 seconds

Malware Config

Targets

- Target
  
  GalSwapperV1.3.EXE
- Size
  
  54.8MB
- MD5
  
  1cc49dc1016179affa0db967ab9a66ff
- SHA1
  
  61048c1d34262fdd8e9178ac3797235bcfe16d45
- SHA256
  
  ed417a65ec07d0e7e0b487730a095b1933a8498c5c05b1f44c4442619cb3f508
- SHA512
  
  f758532e1308888dc822885d9c5dd890932786a4d873debceeae2c2e705b0d607c546691475653f77dd3532d07a8bfc55edf0757e00451d3685fd522b4a769ee
- SSDEEP
  
  1572864:x/cBu+I3Hq4Ww2Jf70sfPFoaY04qJG+RhZAUsiYDvk:xf0JfVS+Rfu
Score

8^/10

evasion execution persistence pyinstaller upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistencepyinstallerupx

© 2018-2025

Terms | Privacy