MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 3 File information Comments

SHA256 hash:	c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d
SHA3-384 hash:	3961fbe66284928d270da409a6544e4a9051134777c40574aac3d3415aa78db3ed86fb33448c2727c0e7a6becbd0295d
SHA1 hash:	3c1e6d2e9f8a6d440c0f1d7244efa1d65d11d34d
MD5 hash:	1cc7659a07315ef610f7c679dc269e86
humanhash:	maine-hawaii-glucose-pluto
File name:	Galaxy Swapper v2.0.3.exe
Download:	download sample
File size:	2'631'960 bytes
First seen:	2025-06-26 19:35:45 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ba2e85a08868f999406005e4fd137d90 (1 x Rhadamanthys)
ssdeep	49152:nHUYV8zdhG5GhL7VrHMEPnQdnuEixqRZzZtXKs3qFXds5QxVTijrbDV5:n0Ym7tvVr5PniuECm9Zt1qFX9o/V5
Threatray	167 similar samples on MalwareBazaar
TLSH	T1CFC523827EE616E9C456A6708AC7FE7F35B50A7C1E114C0EA4B0FBCBAD136D49836503
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	TheRadarGuy
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

461

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

GalaxySwapperv2.0.3.exe

Verdict:

Malicious activity

Analysis date:

2025-06-26 19:29:46 UTC

Tags:

rhadamanthys shellcode

Link:

https://app.any.run/tasks/bcc83877-0af5-4c2e-b121-43eb14f5fe94

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/11281/

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.25197.9732.UNOFFICIAL

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=685d9fa9b06783b9ebd85716

Tags:

vmprotect injection obfusc virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Сreating synchronization primitives

Launching a process

Unauthorized injection to a system process

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

invalid-signature overlay packed packed packer_detected signed

Link:

https://www.filescan.io/uploads/685da15d45e80b29f8a0363a/reports/a11960f5-7313-4aba-b46a-626eb612c947/overview

Verdict:

Malicious

Labled as:

Kelios.Generic

Link:

https://www.hybrid-analysis.com/sample/c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/18123d6b-c9ae-4cc9-b6a2-68458da9585a

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) Win 32 Exe x86

Link:

https://app.malva.re/file/1cc7659a07315ef610f7c679dc269e86

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d/

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-06-26 19:29:47 UTC

File Type:

PE (Exe)

AV detection:

19 of 24 (79.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yarhrqdbalehbhg7hpexokayvutbsjucp3uf6bu556blf2cdmu6q._file

Verdict:

malicious

Label(s):

rhadamanthys

1e342385819a0605226b411fe5748f75b33af63ed7d42c30bf61ab361cfa310f

59e08db1acf8f2f2d6f3ac2b3db7b46f2a77c92b7405ba43a970b44e4ead9e5c

6136c6fc5919bc7e677e087f3616830d25d993f366bd9bfbf5a1a28f1285a438

64b5ab61bf52abbad72621534950c673c3a58589088ac471ce50795cf406eab9

85d101826e4917573fa945fa4cee02e6aaa6b71e71c82beb5a96c4d0c9312ea4

8f7bd69ee6113b7d92af4e393bc2d1acee4531f10691c0d1c7aab15f19f424e6

a2f1fa7763b8c5a8b4a79e63262f6b8bcdd7e019ac86bfc9b95f0422a874047d

c2ef3a333be62590a221d7e22b47f94218624f1456e6ca90ecce065aa02051ca

error

f7617b6a8a0e8b04a01abb036a9749675f31b530ee1c6da54029611ab6a1aa11

+ 157 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

discovery

Link:

https://tria.ge/reports/250626-ybmh1aak91/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Deletes itself

Suspicious use of NtCreateUserProcessOtherParentProcess

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/ae818e41-c4b8-4511-acca-e87a5cc88ae4

Unpacked files

SH256 hash:

c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d

MD5 hash:

1cc7659a07315ef610f7c679dc269e86

SHA1 hash:

3c1e6d2e9f8a6d440c0f1d7244efa1d65d11d34d

Link:

https://www.unpac.me/results/1e6907cf-3513-4113-bb47-3a3bd3fe17ca/

Malware family:

Rhadamanthys

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/c02278c06102/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c02278c06102c8709cdf3bc9772818ad261926827ee85f069def82b2e843653d

(this sample)

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/11281/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample