ff635db42400a8b73bfb2e2428ace9f527393dd3429f6e8422a453ca2fe98720 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

GTA 6 Buil...ll.exe

windows7-x64

9

GTA 6 Buil...ll.exe

windows10-1703-x64

9

GTA 6 Buil...ll.exe

windows10-2004-x64

9

GTA 6 Buil...ll.exe

windows11-21h2-x64

9

Sharing

General

Target

GTA 6 Builder-Install.rar
Size

15.6MB
Sample

240704-njl74aycpe
MD5

6a7189bb6b47eb3637aff370bd6d04be
SHA1

09a2132fa1c20a2b9298b801b4603cfea84d7ac1
SHA256

ff635db42400a8b73bfb2e2428ace9f527393dd3429f6e8422a453ca2fe98720
SHA512

14940bf8e6daf09c333ec4e08dcd5baa1f3910a208692cb2c793973f9d70ac830c9e58fc065441560a0b92f2b12d9dcea7059611ebf7568f4659976cffb91752
SSDEEP

393216:yibHoTBuYxcbH48EptaWLMHVO8ESdGo/PUzqndNktNuMC4HDh:ymEBcbH48gaK8ESdZ/gNuMC0h

Score

9^/10

evasion spyware stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

GTA 6 Builder-Install.exe

Resource

win7-20240508-en

evasion spyware stealer themida trojan

windows7-x64

13 signatures

1800 seconds

Behavioral task

behavioral2

Sample

GTA 6 Builder-Install.exe

Resource

win10-20240404-en

evasion spyware stealer themida trojan

windows10-1703-x64

14 signatures

1800 seconds

Behavioral task

behavioral3

Sample

GTA 6 Builder-Install.exe

Resource

win10v2004-20240508-en

evasion themida trojan

windows10-2004-x64

14 signatures

1800 seconds

Behavioral task

behavioral4

Sample

GTA 6 Builder-Install.exe

Resource

win11-20240419-en

evasion spyware stealer themida trojan

windows11-21h2-x64

14 signatures

1800 seconds

Malware Config

Targets

- Target
  
  GTA 6 Builder-Install.exe
- Size
  
  13.2MB
- MD5
  
  76c24a289ef8e97b890585d7727ac384
- SHA1
  
  4f5e5bbd4d24f3d475bd77b30c9f6f62d96f3d64
- SHA256
  
  ecf92b4d201eb858e63d6dd03937de3255ac7bc6f57264753f53306a3a9d7aa2
- SHA512
  
  0d54872ea7cc28f3de62a40eb50b06ace92a4e77144608f2d9e51d4ca60fec5d485bd6bceba8d1f4acea8b20670233a412df4cf5bf29eac17dc723b23ee1128d
- SSDEEP
  
  196608:FexmCr8ywE5Ec0BY36vhmYzr9bD3xRlLlPIIHtOC21rGY+GVz3mAp:UPr8ycYqv9bDflLlggOd+M1p
Score

9^/10

evasion spyware stealer themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealerthemidatrojan

behavioral2

evasionspywarestealerthemidatrojan

behavioral3

evasionthemidatrojan

behavioral4

evasionspywarestealerthemidatrojan

© 2018-2025

Terms | Privacy