General

  • Target: Gamesense.exe

  • Size: 21.9MB

  • Sample: 240611-q8n44azcnk

  • MD5: 1264d80c018073e566ff216c4b9f7960

  • SHA1: 660a7e87bc1ee85519757a6474770c6c11527439

  • SHA256: 3c313cf6f9662a39109e6d7d88dab8d7f452707fd4e4148dbb3d9d9ba57e214d

  • SHA512: fa5f676959a310b21769167a39963ee66a872f070f733b534315aa61d1f24b7f9653f0eb93414ddfff49a9cb96c956ffc26a6d7d3ab7fe65a06522f77fb40254

  • SSDEEP: 393216:U0+ZqJOlGYj1nQ5nnyLhyNldTVVaGHf0ruMVdjSyPHvzmxZC5CS/EWv03uVW9dPy:UtZqJOlGYj1alhTrLHfMjuqHvavC55/r

Malware Config

Targets

    • Target: Gamesense.exe

    • Size: 21.9MB

    • MD5: 1264d80c018073e566ff216c4b9f7960

    • SHA1: 660a7e87bc1ee85519757a6474770c6c11527439

    • SHA256: 3c313cf6f9662a39109e6d7d88dab8d7f452707fd4e4148dbb3d9d9ba57e214d

    • SHA512: fa5f676959a310b21769167a39963ee66a872f070f733b534315aa61d1f24b7f9653f0eb93414ddfff49a9cb96c956ffc26a6d7d3ab7fe65a06522f77fb40254

    • SSDEEP: 393216:U0+ZqJOlGYj1nQ5nnyLhyNldTVVaGHf0ruMVdjSyPHvzmxZC5CS/EWv03uVW9dPy:UtZqJOlGYj1alhTrLHfMjuqHvavC55/r

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Checks whether UAC is enabled

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Enterprise v15

Tasks