General

  • Target

    Gamesense.rar

  • Size

    1.9MB

  • Sample

    240618-z9r2ta1dqk

  • MD5

    646ec6bb590875f6db2b7653ae8c67cf

  • SHA1

    6e2085a5d9e51c62f52309de49e4e1da2a03848a

  • SHA256

    7260ccf8becf9a3be8da0d1f04bccf0ac289e4cba63b2932c51cccec68cff542

  • SHA512

    a0d3ab13095394a5c39f1c3d31a3fd8849ae14961f54c8b1365977ac016036cd366e31ef1abad97fc622a02f76e81fdc9c5097267f122a6397dab3334605a25c

  • SSDEEP

    49152:miPc68rYeVbaqlvfI7HZapI5tj/0NquvFjC5BV2iv37Blldn1:mik68rjVbaqZgHMpIXj/0NqCFjCXZP7R

Score
10/10

Malware Config

Targets

    • Target

      Gamesense.exe

    • Size

      2.5MB

    • MD5

      6e292e2932951e7a1cb7dfc313121a6b

    • SHA1

      72cf74f7ecf405b1f72fd3e42f541c30b2ff9fba

    • SHA256

      ebcefb989d32ca643f3560d4223e47cbbe2ea3c97755cf93b9b3fbabaf3545cf

    • SHA512

      ba6dda938a6c1beb724277b9c1b819d54467ce125de99619d19438d432f2273e785b94cd8c02ee747ceafe91159ce27d6fc891ba57f6365e2d4ff3afb1f06ed9

    • SSDEEP

      49152:UbA30sHoNElLsaAB3Olt0BSXYAnjE5fqpCUdwUencN9:UbgHjlLsxeAIj5pCweO

    Score
    10/10
    • DcRat

      DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • DCRat payload

      Detects payload of DCRat, commonly dropped by NSIS installers.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks