Overview
Static: 10/10
my game.zip (windows7-x64): 10/10
my game.zip (windows10-2004-x64): 1/10
UnityCrashHandler64.exe (windows7-x64): 8/10
UnityCrashHandler64.exe (windows10-2004-x64): 1/10
UnityPlayer.dll (windows7-x64): 1/10
UnityPlayer.dll (windows10-2004-x64): 1/10
my game.exe (windows7-x64): 1/10
my game.exe (windows10-2004-x64): 7/10
LF}^���.pyc (windows7-x64): 8/10
LF}^���.pyc (windows10-2004-x64)
General
Target: my game.zip
Size: 18.3MB
Sample: 250106-k1xtdasnax
MD5: 10e004e95b0c2a815c75d5513d37618b
SHA1: 047a55f7e3a69bb95bf1829029a9e9856965ec8d
SHA256: dc0d189193c4f14229e8c4172c08b42923d538310f583c6a8375e781fe46730c
SHA512: 3824c944a0a0c571eee0161756e0fb2fef4242fcd1cd6071c1dda0cc110ae1cdd8b62de6742568b2bade5333dd3ac3b48b3947f56fad3cec3a2ca29716d3e873
SSDEEP: 393216:l6X5ypCyR1Afz+o3jGY+U9vjwOMoks939InEus5QJ/p397rJzLu:l6X5yW3jLjBMok639InI5QH9XZC
Behavioral tasks
behavioral1: my game.zip (win7-20240903-en)
behavioral2: my game.zip (win10v2004-20241007-en)
behavioral3: UnityCrashHandler64.exe (win7-20240903-en)
behavioral4: UnityCrashHandler64.exe (win10v2004-20241007-en)
behavioral5: UnityPlayer.dll (win7-20240903-en)
behavioral6: UnityPlayer.dll (win10v2004-20241007-en)
behavioral7: my game.exe (win7-20240903-en)
behavioral8: my game.exe (win10v2004-20241007-en)
behavioral9: LF}^���.pyc (win7-20240903-en)
behavioral10: LF}^���.pyc (win10v2004-20241007-en)
Targets

Target: my game.zip
Size: 18.3MB
MD5/SHA1/SHA256/SHA512/SSDEEP: identical to the values listed under General above
Signatures:
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
Target: UnityCrashHandler64.exe
Size: 1.0MB
MD5: cd3d03f2fdc2b2000a1e29fe76caeaf4
SHA1: 940eff470f3f16f5ea7f5a98098642a66e29d923
SHA256: c2f80e069314e540da503e5dc4b6e591a95a6f85baa2d074852022a87cb881d8
SHA512: 0d4c528678566fe62e309e8d752c4c62d629879c0d2de94b24d7bb30add22e10a65952aa9e549c5cb28aa10c3396a919309c91eb8aa16383fad75c4a704fb055
SSDEEP: 12288:FlApqXQaWflglXxZgigAxI7eZjTDYocqbmVX:FlApGQaWiHZgd0YKjTDY8bYX
Score: 1/10
Target: UnityPlayer.dll
Size: 24.7MB
MD5: aca60e6be576867d4005333e2c21dc87
SHA1: 4a097c1a98530531474c2347583d9719a00a153b
SHA256: e661981f033e2f1d32db6e44d43c0e0c1783b4cb3115caf393e7722673473317
SHA512: 67fffc78fea09d0c05beaf675c52e0b143d6dfa647cbf907e3e7f4ff440cf09c55da9a32f82d1afadca0861349ee2d1c068eb6474a7dbbf1970ec211f3566141
SSDEEP: 393216:41jDPOx/XttNy2h3dF2vPk76GghiYvwGb:4Et1Fk/Pnb
Score: 1/10
Target: my game.exe
Size: 32.0MB
MD5: 1217eb032486aa07a3817155de98c78b
SHA1: 9550049f3946bba577505cd00da172923e709859
SHA256: 84059e63a6761b009f45551fea6ee623181747853dfc60249b42602b675266cf
SHA512: e0294fbe6d5da99564e4915bdd04996a8032c3fff66055c207815d3b7cf14710a19639d38a8d797db6dba4553abafd082ba9f14584f91c9d13da332ff8a33b48
SSDEEP: 98304:STDjWM8JEE1F0amaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRpYRJJcGhEIFWw:ST0neNTfm/pf+xk4dWRpmrbW3jmrV
Signatures:
- Command and Scripting Interpreter: PowerShell
  Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Obfuscated Files or Information: Command Obfuscation
  Adversaries may obfuscate content during command execution to impede detection.
- Enumerates processes with tasklist
Target: LF}^���.pyc
Size: 1KB
MD5: 1d57658240ebee57ecf48e845ed0ef21
SHA1: 07395e334e8802d68728a62ecb27bc6ab35d3ac6
SHA256: e2ed0a629f4c36d1b175ecea0309c79139cc06917e4dd8f13acc33e186060482
SHA512: 75f4c268fc12091a609f8d9a6b1eeb0e239b4053d9fbc19c48800a2648d8d8826c1205891e9d63d826fc3535874bc9886909a98c3a8c80fd09ac6ab51c1475f9
Score: 1/10
MITRE ATT&CK Enterprise v15
Defense Evasion
- Hide Artifacts: Hidden Files and Directories (1)
- Obfuscated Files or Information: Command Obfuscation (1)