Resubmissions

  Submitted          Analysis ID          Score
  03-02-2024 06:55   240203-hp5czabeg7    7
  03-02-2024 06:52   240203-hnee6adhdp    7
  03-02-2024 06:46   240203-hjl97sbdh3    7
  03-02-2024 06:41   240203-hfs9cadfhl    3
  03-02-2024 06:38   240203-hebb5sdffl    3
  03-02-2024 05:47   240203-gg3nqsaee9    8
  03-02-2024 05:22   240203-f2tqwscdcm    7

General

  • Target

    RAM.zip

  • Size

    31.1MB

  • Sample

    240203-hnee6adhdp

  • MD5

    4ba0b2f8488848eaf1d1bd62d99deac9

  • SHA1

    350abba23726ff7e4b597f72f35e17df33d4eed9

  • SHA256

    72b5e76a8256cf479be8ab736165302405cc399be066f8b9d7eb1ba52520e3c1

  • SHA512

    d698ce29c3d1244b53d244588989091c32d8db97c965fdd457e0f441390c198d5da0b54d72588f5d1db6af44e14227593ecca8af4305975afe22a21021e9d225

  • SSDEEP

    786432:V7g6SJ5g4xZv3Qn4VZ7Mt1dc83+6HJe5XwG30RX+5z3xoO5iIOt0M:V7g665g4xmS7Mt/V+a8XNkRX+BxoO5iH

Targets

    • Target

      GameAssembly.dll

    • Size

      23.0MB

    • MD5

      69ce2705f5d51da9c2c0f4479b67075c

    • SHA1

      00efffda43830219d4324d7516072dc8320993bc

    • SHA256

      c42c9115e10d6eaa8101015d200bea986d61c240a088705e6afbe0255b1e811b

    • SHA512

      03a2919e9b97fe544dbef8d18f78a7a0df9beebb1d9c8d46a51f1c96a4e3c87b48d99691f1220d72188af3f02d06a542811f27833bcb60c0a4a1feddd1e97f68

    • SSDEEP

      393216:/jB8Z4r6zOU6mxvzfcfivc+nyz2Phd2ICkrJ9KzAKHGLuaonoDqlZAngyAY:/Rz2ziE

    Score
    1/10
    • Target

      RAM.exe

    • Size

      651KB

    • MD5

      7cee4e8c43b5c92d57a3d809559c92e0

    • SHA1

      7e6a7013b0d027d58611f2cd6f461f18155ca34a

    • SHA256

      3e93ec5cc0224e1f7c4d6eaa6a34a333526058d622a5466bbcf833f3a1ce625f

    • SHA512

      6216619de06fd7f0e5adde4a4c8860862c265d8a9f70a077656add39a4b5eb1d87325a4d3bb579e0780a5423240356616ecb385b8b5575c09c8c79781aa445d1

    • SSDEEP

      3072:kQJHVdFgIW9mYucJ/OD8JVsIl3rLIr67G2E1:5H7FG9mpcJ/OD8qrn

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence: the sample can decline to run on systems in certain regions.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Adds Run key to start application

      Persistence: a Run registry key causes the program to be launched again at user logon.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to discover the infected system's public IP address.

    • Target

      RAM_Data/Plugins/x86_64/KS_Diagnostics_Process.dll

    • Size

      4.9MB

    • MD5

      9ffd4b950fef075cdc7059c0c7a7c202

    • SHA1

      b043a1d763b6fd943bd5ffd3526566105b34c9f9

    • SHA256

      7f3a6750ad394103070c8370b4b3b96ff93dc7a2a7da543f60b3029f6a73fa8a

    • SHA512

      a2dcbb96007c4e176da08ad92b5b14713abdcbc6007bb856297b6d926e16de1d81fc05b3f6a3d0749c07d7a3ad8f57ee011d3baa0b10e05f001de5d4d92356a5

    • SSDEEP

      49152:ZIW2dGyJkJUkjvR3SGa2MV/b2ecedRIRPCW3+fJI6F38984JFynbdyO+BvjP:7O0iMMVHdRIRPCSghnbdyO+xP

    Score
    1/10
    • Target

      RAM_Data/Plugins/x86_64/lib_burst_generated.dll

    • Size

      88KB

    • MD5

      58a8dbb61ea3ef9b84cdcf014d3afa7d

    • SHA1

      b5e0f2fb0ea96602e685e78c3cef52fa6711a121

    • SHA256

      eaaaa55a48824983fb40d123700e334b37920b9f6f8c734b671b98ad74e0cc8b

    • SHA512

      e0fdc8d99a55c5edffa8230e47c7224885bef8b67715c95bb8c24dc18196b21d831ddb173c18081ff5935e33b415f122c88ad37527f9a37b6097636b2c6fa991

    • SSDEEP

      1536:+tr1GSuE8nkC87LdySNBmCQzbOC7y3m8jdVDg9cZ+RmsEna93cWwl8:gMSuzylTVInXRpEnk3cWw2

    Score
    1/10
    • Target

      UnityCrashHandler64.exe

    • Size

      1.1MB

    • MD5

      050c4bb0ff06d89b52af110c2ada1a55

    • SHA1

      73c5768852d7440e31194891054407ee447dcf5b

    • SHA256

      b31f519dcfacd529695a0cc710850b31ef41ab8ab5996b2edb84d97926901918

    • SHA512

      34411c03dac23e5660e8dfa98b4d51dc281c1e8fdaab5303a39269504c9034a89f2110fe5417893feb674aaf16275b980ee27f7d4e0322780a6611000f319298

    • SSDEEP

      12288:skrEdtytWENGu+ptlkekTbkXepg8sTJqT64ux3C1AboWorqZZaiQfz2fzAS:skrEdtytLNJOtlOHsTJqaSibq0gz+zAS

    Score
    1/10
    • Target

      UnityPlayer.dll

    • Size

      28.6MB

    • MD5

      8b939ab1dfa3dab667623b1e4d5cc4b2

    • SHA1

      fdb1921c1123df7f25007253d65e2d1d8ab9403d

    • SHA256

      a881850d83b247575921a91f98a962ac91eb5f1b3c9622ccc1851cb35945e201

    • SHA512

      1e874c47b33b5560fbae0142eba7f98520a6119326093a569657ef23a98a6b49d0f3b3bd5aea7b397a721df061bdf4b981e7fd28bdecd85cf79a6690977347a6

    • SSDEEP

      393216:C4/5CVR2KpqiFPaRoQlgnx3SVjlmiaxOhlllxcd+dciF4b8czkVn:CqoQynclmg/0bzkB

    Score
    1/10
    • Target

      baselib.dll

    • Size

      409KB

    • MD5

      da596aeb484d88ff32afba58b10fb704

    • SHA1

      2d8470f26a723e5c79735bf782a1e6420090e0bc

    • SHA256

      b5e1148dffaebc91b997fbb8727fbfebd90a1e7d28b23f95c35ca54940f26a14

    • SHA512

      7ca3f60aca2bd7b33a0acd25dcb52beb7b77e569392dacf5ff57503628e741d42f13c4d34991a4ead1cbf9bbafe25ebba7152055cfa15b4ac56a0115ad984d3a

    • SSDEEP

      6144:hHdA6HG+G5c2xGUGvojVM3eocrlf9dtpV921DmPeh0F6FFDMHWz:1dA6HGtimVVoc3pV921CWX

    Score
    1/10
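
The six behaviours reported for RAM.exe above are the kind of thing a sandbox derives by matching API events against signatures. The following is an added example of that matching, not Triage's code and not anything from the sample: it replays a constructed API trace and reports which of the six signatures fire and on which events. The trace format, the API names, the registry paths (including the assumption that "country code configured in the registry" means the per-user Geo\Nation value that GetUserGeoID() reads), the browser profile paths and the IP-lookup host list are all assumptions for illustration.

```python
"""Map a sandbox API trace onto the behaviour signatures reported for RAM.exe.

Added example, not Triage's code or the sample's: the trace format, the API
names, the registry paths and the IP-lookup host list are all assumptions.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed key behind "Checks computer location settings": the per-user
# GeoID value that GetUserGeoID() reads.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
BROWSER_PROFILE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\"
    r"|\\Mozilla\\Firefox\\Profiles\\", re.I)
# Assumed list of public IP-echo services; extend it from your own telemetry.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me", "ip-api.com"}

WRITE_APIS = {"NtWriteFile", "WriteFile", "CopyFileW"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteExW"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryExW", "LdrLoadDll"}
READ_APIS = {"NtReadFile", "ReadFile", "CreateFileW"}
NET_APIS = {"InternetOpenUrlW", "WinHttpConnect", "WinHttpOpenRequest"}

# Constructed trace (not from the report): (pid, api, target).
TRACE = [
    (4120, "RegQueryValueExW", r"HKCU\Control Panel\International\Geo\Nation"),
    (4120, "NtWriteFile",      r"C:\Users\victim\AppData\Local\Temp\up.exe"),
    (4120, "NtWriteFile",      r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"),
    (4120, "CreateProcessW",   r"C:\Users\victim\AppData\Local\Temp\up.exe"),
    (5008, "LoadLibraryW",     r"C:\Users\victim\AppData\Local\Temp\sqlite3.dll"),
    (5008, "CreateFileW",      r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (5008, "RegSetValueExW",   r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    (5008, "InternetOpenUrlW", "https://api.ipify.org/?format=text"),
    (5008, "CreateFileW",      r"C:\Windows\System32\drivers\etc\hosts"),  # benign noise
]


def _host(target):
    """Hostname from a full URL or from a bare host string."""
    return (urlparse(target if "://" in target else "//" + target).hostname or "").lower()


def match_signatures(trace):
    """Return {signature name: [event indices]} for the six RAM.exe behaviours.

    'Dropped' means the path was written earlier in the same trace, so the
    exec/load rules require the write to precede the use, as in a real run.
    """
    hits = defaultdict(list)
    dropped = set()
    for i, (_pid, api, target) in enumerate(trace):
        t = target.lower()
        if api in WRITE_APIS:
            dropped.add(t)
        elif api in EXEC_APIS and t in dropped:
            hits["Executes dropped EXE"].append(i)
        elif api in LOAD_APIS and t in dropped:
            hits["Loads dropped DLL"].append(i)
        elif api.startswith("RegQueryValue") and GEO_KEY.search(target):
            hits["Checks computer location settings"].append(i)
        elif api.startswith("RegSetValue") and RUN_KEY.search(target):
            hits["Adds Run key to start application"].append(i)
        elif api in READ_APIS and BROWSER_PROFILE.search(target):
            hits["Reads user/profile data of web browsers"].append(i)
        elif api in NET_APIS and _host(target) in IP_LOOKUP_HOSTS:
            hits["Looks up external IP address via web service"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for name, idx in match_signatures(TRACE).items():
        print(f"{name}: events {idx}")
```

The "dropped" rules are the ones worth copying: an executable or DLL only counts as dropped if the trace shows the sample writing it first, which is what separates "runs a file it unpacked" from "runs something that was already on the box". The Unity components in this archive (UnityPlayer.dll, baselib.dll and the rest) would trigger none of these rules, consistent with their 1/10 scores.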

MITRE ATT&CK Enterprise v15
