General

  • Target

    TSB-GameClient-WIN.exe

  • Size

    449.8MB

  • Sample

    231003-zzc5xahe26

  • MD5

    2c2e694d88e755d228c9b5a60d7a5563

  • SHA1

    8548de428f2ff48079ff72f3ff69c10e17d6dbc4

  • SHA256

    6c671ba2224a27f356cdc20b40660bc38a6d36b92236748f9f0d68a38e750eae

  • SHA512

    12887eb3d4d34e7897bd439261974688abfc9b32a719d24ae56090d91dc04a6ea05c85bfceac1ae2243c960d63a98c6641258c02a711a324f43a488e48c8d472

  • SSDEEP

    12582912:nBcAmc3GeQWiuiWC8DtavktkfQv8un5hrebQXLXNqnb7:nBcAmdW9pdq4v8u5hrebIMX

Malware Config

Targets

    • Target

      TSB-GameClient-WIN.exe

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks