General
Target
Gamesense.rar
Size
1.9MB
Sample
240618-z9r2ta1dqk
MD5
646ec6bb590875f6db2b7653ae8c67cf
SHA1
6e2085a5d9e51c62f52309de49e4e1da2a03848a
SHA256
7260ccf8becf9a3be8da0d1f04bccf0ac289e4cba63b2932c51cccec68cff542
SHA512
a0d3ab13095394a5c39f1c3d31a3fd8849ae14961f54c8b1365977ac016036cd366e31ef1abad97fc622a02f76e81fdc9c5097267f122a6397dab3334605a25c
SSDEEP
49152:miPc68rYeVbaqlvfI7HZapI5tj/0NquvFjC5BV2iv37Blldn1:mik68rjVbaqZgHMpIXj/0NqCFjCXZP7R
Behavioral task
behavioral1
Sample
Gamesense.exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Gamesense.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
Gamesense.exe
Resource
win11-20240508-en
Malware Config
Targets
Target
Gamesense.exe
Size
2.5MB
MD5
6e292e2932951e7a1cb7dfc313121a6b
SHA1
72cf74f7ecf405b1f72fd3e42f541c30b2ff9fba
SHA256
ebcefb989d32ca643f3560d4223e47cbbe2ea3c97755cf93b9b3fbabaf3545cf
SHA512
ba6dda938a6c1beb724277b9c1b819d54467ce125de99619d19438d432f2273e785b94cd8c02ee747ceafe91159ce27d6fc891ba57f6365e2d4ff3afb1f06ed9
SSDEEP
49152:UbA30sHoNElLsaAB3Olt0BSXYAnjE5fqpCUdwUencN9:UbgHjlLsxeAIj5pCweO
Score 10/10
DcRat
DarkCrystal (DC) is a new .NET RAT, active since June 2019, capable of loading additional plugins.
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
Executes dropped EXE