13-06-2024 00:15

240613-ajydgawgpc 7

General

  • Target

    Galaxy Swapper v2.exe

  • Size

    10.7MB

  • Sample

    240604-cjk49ahf71

  • MD5

    3cf7f11e3da78eeb96c558bee781298d

  • SHA1

    f7adb2a33d3697da995f23cad6351434508bac3d

  • SHA256

    87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf

  • SHA512

    3684763cd3351c324474d5b081fa791ae5eb29b3d8fa22bc5b1e929617d4badcd563ed620eb1ac1f2265c571660d3bae8eb3caf120cb1d276a3b4c9c0f274661

  • SSDEEP

    196608:QcjhofUFS3J3w25ffH9tOb6Ye2BZiHhWWiVbMOVvu8ovcLFwi8:QAofdztLGicWiVbMOVvuxvcL+i8

Malware Config

Targets

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
