Resubmissions

13-06-2024 00:15 | 240613-ajydgawgpc | Score 7

General

  • Target

    Galaxy Swapper v2.exe

  • Size

    10.7MB

  • Sample

    240613-ajydgawgpc

  • MD5

    3cf7f11e3da78eeb96c558bee781298d

  • SHA1

    f7adb2a33d3697da995f23cad6351434508bac3d

  • SHA256

    87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf

  • SHA512

    3684763cd3351c324474d5b081fa791ae5eb29b3d8fa22bc5b1e929617d4badcd563ed620eb1ac1f2265c571660d3bae8eb3caf120cb1d276a3b4c9c0f274661

  • SSDEEP

    196608:QcjhofUFS3J3w25ffH9tOb6Ye2BZiHhWWiVbMOVvu8ovcLFwi8:QAofdztLGicWiVbMOVvuxvcL+i8

Score
7/10

Malware Config

Targets

    • Target

      Galaxy Swapper v2.exe

    • Size

      10.7MB

    • MD5

      3cf7f11e3da78eeb96c558bee781298d

    • SHA1

      f7adb2a33d3697da995f23cad6351434508bac3d

    • SHA256

      87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf

    • SHA512

      3684763cd3351c324474d5b081fa791ae5eb29b3d8fa22bc5b1e929617d4badcd563ed620eb1ac1f2265c571660d3bae8eb3caf120cb1d276a3b4c9c0f274661

    • SSDEEP

      196608:QcjhofUFS3J3w25ffH9tOb6Ye2BZiHhWWiVbMOVvu8ovcLFwi8:QAofdztLGicWiVbMOVvuxvcL+i8

    Score
    7/10
    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks