a1deea5812fdb37484daaa06accdd2040f8a3af12a66498dd7c02eb69335b49a

Sharing

Copy URL

Twitter E-mail

General

Target

RDR2Upscaler-FSR3Build04-Cracked.zip
Size

94.0MB
Sample

240705-ev5n5svdja
MD5

1a286fba63e9d6309420b685a744af85
SHA1

0e765a3ae23ce3e4f5ff1fe1714804141ba55050
SHA256

a1deea5812fdb37484daaa06accdd2040f8a3af12a66498dd7c02eb69335b49a
SHA512

d4c1e38b152d49b8135f2181bdcc5030cbfffae14532a284fe2da09653e79226522470d40f7c6b7847b17c69af4b647bd422ae23a8af8a9a948639f0c6f0e246
SSDEEP

1572864:I8ipkXJ+vZTOYcb34yU5hpvG6t/8N0fGKuDegakk3lnN+2QI:I8ip8+vZTOYi34ygpvrtEaSDer3ln823

Score

5^/10

Malware Config

Targets

- Target
  
  d3d12.dll
- Size
  
  4.6MB
- MD5
  
  c239996dbea8d9b624a4216d1cdfe7e0
- SHA1
  
  b4f22f1fcd639f2ad2ea46fe17cd055fdf5ba133
- SHA256
  
  ba8541aab48706d3fa7e0aab8552ed5bb45909f625cafa43c95b872f918057bc
- SHA512
  
  f1dc1c523040368e0f3111ae9dbfb4e8d0ee0811c2597bead6613963db33c445b8a02165eeb37f91a73fa7f1cb22b57ca0392dd8000cc05824e55b54b3957bc1
- SSDEEP
  
  49152:i7gk6U6SpylC+JCaqIBhObuewzTb7BS2Zr2kFmBNFtw3qa+WQliPPi3xWStl5eq6:LwaqjKHYc3aBW2bWBx5AFciSL
Score

5^/10
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  f4aa4da29f7743862624add81ad691c7
- SHA1
  
  0addaa4d0bd4395bfc02d3025decc23b1b22340c
- SHA256
  
  e93f3c4bcc6dbaffa91d739ac4a941edbc616e00ae18b19e480ca2d382986c56
- SHA512
  
  1f7682753d865b002a3f82fad84e9dbb38586e259166d770e51f179aa615116b2b7244d07016e4b6537b07aba9e1ed607469c2ac79c6216560c7aa2b13a58cc8
- SSDEEP
  
  49152:6Ylc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrg:66KD2Mrdaix4NQnL5
Score

1^/10
behavioral3
- Target
  
  mods/RDR2Upscaler.dll
- Size
  
  106KB
- MD5
  
  264b846ea57bd6b29a55e72b0e31d8b4
- SHA1
  
  b38fcf3fab77d94028496d99d18c75d0b14bedb4
- SHA256
  
  dde14ac66b79a5b2ea1726fc43b81af3b5da5a50bd244f295a301892a8ceda27
- SHA512
  
  42eadbb57aa05af0b58e6239e147374f079e02f7965f6ec5233f2f49c686745ad5eb4af780c5553f7cebd9babf60b06b4a386cdf3c6e055b86ced27200e39e6f
- SSDEEP
  
  1536:GQ4ZXyM3ft6xwfCLJO+tQzSkgRIVkVJ/4p4z6JsWyd49dlBWFxa:GQ4ZT6xwm7m5gRgo/4uu0oHW
Score

1^/10
behavioral4 behavioral5
- Target
  
  mods/RDR2Upscaler.org
- Size
  
  6.9MB
- MD5
  
  c1855cfbf83c491123f65022878204bc
- SHA1
  
  56459fa89154a62f467088c31c5b4de4ba4ec0cb
- SHA256
  
  dcb51d09023069cd24067c92a0a51ed908cdd4fc90f227ced04c6bbadabf8b3c
- SHA512
  
  4b0c8d4ea10b6e5441770dfadc8066fc4c0c66820d6f0b8fb3b5f4057569dc7e529e2bab53e438367cbe0325cbe547ab4cca356cc1c2ea2ca26608e404f88762
- SSDEEP
  
  98304:O/wBKqI22QCN2zxZKYlCxNZ6r1kVoqZIt1j7quFwXiyfqydthXUokPZU7k9SCEq9:8wRI22g2Y8VVdIL7h6XicqEC67k9aLI
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral6 behavioral7
- Target
  
  mods/UpscalerBasePlugin/PDPerfPlugin.dll
- Size
  
  303KB
- MD5
  
  1fb14188cbe9047b73b03dcdb773a435
- SHA1
  
  8431d379a84e7f95234a840086db98d4c8ad10ed
- SHA256
  
  b333f4095b9faf6bd884c4d2636cb8c8c66c135b019512d11dff4ebb9a464597
- SHA512
  
  178b9dbc9c86867cf93ab1a3dd185efecc90202c25c44cda97c2376c77ea178575c5c0f3c82d84d591eb93cfdfc3ec524b68c90a42b093e44f7479fdb31c7b64
- SSDEEP
  
  3072:b3mijZ5jroIxj9jie0O1KFbHQyLeEFSRUdjtfqYt1:b3mijJ/OeLMFFuaqY
Score

1^/10
behavioral8 behavioral9
- Target
  
  mods/UpscalerBasePlugin/ffx_backend_dx12_x64.dll
- Size
  
  11.9MB
- MD5
  
  9bc36f564a73ee912d1cac170cd4dc4c
- SHA1
  
  3d4ded64be42ca63e3e53762bb8d3fdbeaeeb082
- SHA256
  
  f9c7d61cccf20a58ec264a3939a7e723b8f934d1213ddeacf6048a09a8614b4b
- SHA512
  
  e35bc7b569dfac66f25e35257d79baf5958d57846591af75d32884f0ff63d6078f2e20aa62521b287ca05f666315775077840cbca1eee2c4044c9c1b745f3c17
- SSDEEP
  
  98304:ernf0LsOmNf0U031wD7UqOdwTPu6ZfwYGWQNqLWCQUi:erwOf0Uz7UqowTPu6ZfwYGWQNOFQUi
Score

1^/10
behavioral10 behavioral11
- Target
  
  mods/UpscalerBasePlugin/ffx_frameinterpolation_x64.dll
- Size
  
  29KB
- MD5
  
  6ec56ad8a250ba7f0a6e73ccd77669ea
- SHA1
  
  f15bfec9deaec8da787d3408e90124a93fe62108
- SHA256
  
  bc69fccaf24e3d7fd58410faf4ee8c2ace3431669754ad59b2d6628136de0b8a
- SHA512
  
  5dd1056dfb396408cb8a8c176cff89f8a6a315d292902e4e8ac4ff5ee8459542b3490e365721eaec3d2929c9521e3d5057bbd6b2a850ea4b2199141bae0884c5
- SSDEEP
  
  768:C0JaOV6W2sRpTVoyVgJeEYVD+B9JDFzBArw:XJ3RPRtVofmr
Score

1^/10
behavioral12 behavioral13
- Target
  
  mods/UpscalerBasePlugin/ffx_fsr3_x64.dll
- Size
  
  21KB
- MD5
  
  8bdbad4b738112988b25ad0e978727e4
- SHA1
  
  0c4578005a773cbfdfaca4402b1c9502bd06a709
- SHA256
  
  e6fcb56a91cf135d0c203ac52fad09fd65c1c9faa75e77d97f14223581dcd4bb
- SHA512
  
  8a120ab407bd759a02bce11e9e808daf46a9fb29e848033fd26fd510eb7c4b0d2880e4aeee6b88fcbcdb25dd39eda16e496d77508a2811fdfb838d51f5af10cc
- SSDEEP
  
  384:pslAGqH3Qyrs43TXLg7QXkZYs7uTR8SNWkx5AjDLovA9UY/7hJbDFiv5E:W8Qy33TXLiQXi74rNWkx4DWA9UY/7zJ1
Score

1^/10
behavioral14 behavioral15
- Target
  
  mods/UpscalerBasePlugin/ffx_fsr3upscaler_x64.dll
- Size
  
  43KB
- MD5
  
  e917b4b84960b719b7976dcbcc6fe941
- SHA1
  
  3c18dbe774694b731b00e62b816ce6d8a7946cc6
- SHA256
  
  d77b5f0779c7c698e8f3ffc2a87f74cd123f67f1a5989071069a3a5baefd09f3
- SHA512
  
  f1084f9e178edc4be1521b20c7ad5a854d757c293938ea731b77ab7d2782a1fae66b353cbc695b44dec08e539ce6547cb420a24fe3dc925583860d8611974a52
- SSDEEP
  
  384:zweXGPmAY8/HDMK7JAiwZ240vX1XQnLn/l7uDzOMt8Bx8pyabnYy+UeH2WDRh43:iuAH/zWiw+UT/BCOMt8Bx8vYycDRd
Score

1^/10
behavioral16 behavioral17
- Target
  
  mods/UpscalerBasePlugin/ffx_opticalflow_x64.dll
- Size
  
  36KB
- MD5
  
  c42395fe40195534d3688eef8fab74a5
- SHA1
  
  575d54c0eec00c9dca88825b105e97bfe976b12f
- SHA256
  
  8bf1232d7e7e84bb6b62b96799ffba0f0e0dfcd296b3f4e5a9aee3cd77370df6
- SHA512
  
  784aa9a5f373a9cc88e75641814614ad67bdc40e5497ba47407da352fbdda89afdebb4ddd8f881e26853663a0fd460df779705c4aec33798876ff7d01f92f326
- SSDEEP
  
  384:bzC3hHM8+gpL4sG7r+AK7h4SehooZKSQ+I3e2XxXfsy5H3WXU+Z+K94sJtMbjUUc:kJ8o+LxyUy5mXRZ+GJsJqC
Score

1^/10
behavioral18 behavioral19
- Target
  
  mods/UpscalerBasePlugin/libxess.dll
- Size
  
  64.6MB
- MD5
  
  b0130df92c02efde7c2c4df42d69ee70
- SHA1
  
  fe291f3291db2f111d781562fef11990224ae16d
- SHA256
  
  3170283f328923dcf74e5c86fb08cea88551b4404046ebfbe16d6d3ab56a7d6c
- SHA512
  
  ff63203bc0df4975771a13622cb88617d0b90eda81bc22a1bb21bdef5e60de89a959766adae453d447449993847bca211e9fdf32f068f5d4dcd3c1786310833e
- SSDEEP
  
  786432:j+WvYpT1F9pfcxaaHl4e0aSOJKT8orlZGszfozo+XYyNovm9AjAF+WB:2CcTddDozfoYovm9SAF+WB
Score

1^/10
behavioral20 behavioral21
- Target
  
  mods/UpscalerBasePlugin/nvngx_dlss.dll
- Size
  
  51.2MB
- MD5
  
  217f4069e44c162769bd6f188aa3c8bd
- SHA1
  
  e254fca04209541bdee33655316c9c4bcf976c00
- SHA256
  
  085c955f29d1e789a3713674d139961e9e685bb6f65b8911bd450984139c8c9e
- SHA512
  
  2ba6b312feb731f9e94690acd9426ec080e130de4c416066d71109e164fee11099c5377ae6f5ced8cf100db10487d86d867105be30ef193c771a87f3f65f3393
- SSDEEP
  
  1572864:5sJJs/Ku0LsJJs/Su0TXwsRiTmMQEamlvzRQYET+2DG2V/Q:sC/Ku0KC/Su0TXwKy6tCRQ7T++G2V/Q
Score

1^/10
behavioral22 behavioral23

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Targets

Drops file in System32 directory

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23