Overview

overview

10

Static

static

10

GTA5-FINAL...SE.exe

windows11-21h2-x64

10

Resubmissions

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04-06-2024 10:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GTA5-FINAL-RELEASE.exe

  • Size

    78KB

  • MD5

    7ca4d82e1aa342c82da6007947163259

  • SHA1

    7875f56bcbb94747c85a54f8bdd465d866e01965

  • SHA256

    689481c56c91f86cf9e6d034cb714e3c92723af3035c00c3c339fcb384258e55

  • SHA512

    1685a6a2169d1ff6daec4de8c4d48d6035048e2604ff28b4aef6de168785d28c60793d417b9d29bb5e81831c595871f9cdee1aed1eec5f1cbb4dd8f5f746b633

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score
10/10
discordratevasionpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI0Njg5OTQxNDg5NTk1MTk4Mw.Gcxhsz.QV1m4KTtP0M77UZ2GaIPNr05TtimA7gY4NjqcQ

  • server_id

    1246899988789989576

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Disables Task Manager via registry modification
    evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 25 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GTA5-FINAL-RELEASE.exe
    "C:\Users\Admin\AppData\Local\Temp\GTA5-FINAL-RELEASE.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:5104
  • C:\Windows\system32\control.exe
    "C:\Windows\system32\control.exe" /name Microsoft.AdministrativeTools
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:1636
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
    1⤵
      PID:4076
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /7
        2⤵
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2388
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /7
        2⤵
          PID:4264
        • C:\Windows\system32\taskmgr.exe
          "C:\Windows\system32\taskmgr.exe" /7
          2⤵
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4492

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
        Filesize

        64KB

        MD5

        9e466b4837d8431be725d6b9c1b4d9ef

        SHA1

        3f247b7c89985a41d839cad351cd0fc182fcb284

        SHA256

        2f9a5eeb5ac8cec52a3e73621e4d392f501f5d657dfec3215ccd40eec317208d

        SHA512

        01de0fda555d63b5c38339b0f6d38c28de2a882643439679e63cf5d75f13516b57dc90e8dfb8c638bda328fc12342e58d1e501acec8f85b92dbd5589dac06418

        Download Submit

      • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
        Filesize

        4B

        MD5

        f49655f856acb8884cc0ace29216f511

        SHA1

        cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

        SHA256

        7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

        SHA512

        599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

        Download Submit

      • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
        Filesize

        960B

        MD5

        16846df493521e84fe47cd6b6451ec8f

        SHA1

        6d99eb017c5aec08d3a7e908bbd4a051ce250c02

        SHA256

        69f19f2ab2f3625faca623477864766ab1ef3a21712bc892d7b2b0886585b3f9

        SHA512

        aefa5121601b8273cff6b79b7f76417c71e29e835b66faf3e1a67d0d38fb9ebe90320b75493fd5c4a2d9ea3e3c485d0a84bcdbfb78c26a8ecee3175cd8bd93cd

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
        Filesize

        14KB

        MD5

        46e73ffc1e2868a135b3581527fc9b0f

        SHA1

        0b7abe15db8fc80d224dabcc087dd7dd0df6acd0

        SHA256

        22522f90bf0e9892dfc52430f72dc8274c9497c7f016043580eab6d5d02223a9

        SHA512

        23b09612e20ad18498066d59e726e26eab1fe9b93ac1114ae32b1325254538a2f9e3fe86a8387684bd32d114d11936ebf4e071008838bf76eb211e965d07842f

        Download Submit

      • memory/2388-20-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-19-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-18-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-14-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-13-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-12-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-24-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-23-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-22-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2388-21-0x0000021D69920000-0x0000021D69921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-32-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-35-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-37-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-33-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-36-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-34-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-27-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-26-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4492-25-0x00000209F6AD0000-0x00000209F6AD1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5104-10-0x00007FFCB4D30000-0x00007FFCB57F2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/5104-0-0x000001DEB9360000-0x000001DEB9378000-memory.dmp

        Filesize

        96KB

        Download

      • memory/5104-1-0x00007FFCB4D33000-0x00007FFCB4D35000-memory.dmp

        Filesize

        8KB

        Download

      • memory/5104-2-0x000001DED3990000-0x000001DED3B52000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/5104-3-0x00007FFCB4D30000-0x00007FFCB57F2000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/5104-4-0x000001DED4C60000-0x000001DED5188000-memory.dmp

        Filesize

        5.2MB

        Download