Resubmissions

06-01-2025 13:52  250106-q6fd6sxrfx  Score 10/10

General

  • Target

    RDR2-Online-V2-v2--Cheat.zip

  • Size

    7.4MB

  • Sample

    250106-q6fd6sxrfx

  • MD5

    f55d6171ae497154d8de874101e1405e

  • SHA1

    18d8e63324c1da69bb29c9ecde08dced7f250862

  • SHA256

    5bd1981e9a8b2c17a40c5db9a7af9e3cbbd8893bc08ea678dec0daf55efb2d59

  • SHA512

    4cb058bade66aa58fbe6fc54671facd5eff9162de64d1a2a3dc0ac7739cbf5c4de363ff335f2b5fd4f5026227cc5aa112fbc5407d5f6a5d900fd8741b6866461

  • SSDEEP

    196608:h/GKyUj/Vwvy+TGLQDkyE9+UYPco2+KNHreh3aFhAaAg:x/yUrVw6+/DkpBo2+KN6lKhvt

Targets

    • Target

      RDR2-Online-V2-v2--Cheat.zip (7.4MB; hashes as listed under General above)

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to add Windows Defender exclusions for file extensions, paths and processes, so that the dropped payloads are not scanned.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in unsecured files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      The executable is packed with UPX or a modified build of the UPX open-source packer.

    • Target

      RDR2-Online-V2-v2--Cheat/Dennis RDR2 Online Cheat V2.rar.rar

    • Size

      7.4MB

    • MD5

      b58c0208816014c57c18571d5030284f

    • SHA1

      aa56d5b5ff5c20ce6805fa0417d0223bac515edc

    • SHA256

      11d0ba0b15d1808aaa9456fc48a84cb324415fab09fd8f47badedf248f436067

    • SHA512

      7fa3230186272ea2958de62a05cd98bb39980181387130eb32bab3630e5a88b626fb546727c5bb1e25e1e4cb9c6fcb80029d1c268e05d452cf2e3de5748917cc

    • SSDEEP

      196608:X/GKyUj/Vwvy+TGLQDkyE9+UYPco2+KNHreh3aFhAaAK:P/yUrVw6+/DkpBo2+KN6lKhvd

    Score
    1/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Hotkeys.json

    • Size

      413B

    • MD5

      22d6840963463d4701c1007988b6d3d5

    • SHA1

      ac24b723ca95d43ffce537d862f9e4acd0ca63ac

    • SHA256

      74b3d5014c123d3bfcfbe8d671a22eece61f3b1d3c4feba93bc8105b67fc4d93

    • SHA512

      898d4dc5dd00c085a3375beefebae9826058d17c4eae66703ace6c8f56c6405d4c86728ea9ffc523ba45d219f9c6778c326e5f261b2729762386018c04475f32

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/de_DE.json

    • Size

      119KB

    • MD5

      b475fa31d2dec434d81077cd0b50ed0f

    • SHA1

      3c76adeb7145e50f91f0dd42278ffe67aa4a9531

    • SHA256

      446b3f803948ce411c1a8b7fbbe06275247cbb780be6db9f1c94488fccf52aeb

    • SHA512

      acdd0b320c8bb10a32b75cdd778de58e72f66441057e9585b6a73badb5403cf46223d5c30bc88105d8b63ff340ea3e89f6c4b9d06f63cc950b3e559c3f4f61d0

    • SSDEEP

      1536:TG+M/On6HmjNbrVa1GVJ0kG3IH7ytWc0xaMXrKZSDJmcBUwi8A:UlCB+Wc0xaW+IJmoUwi8A

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/en_GB.json

    • Size

      118KB

    • MD5

      c0fdd25d0d14d477a58f13685d6cd92c

    • SHA1

      0399e86e2f19c2fbeb67888bf2b133d58a0df844

    • SHA256

      7eab5e9ac9b271af7bc82ecbcb9f7dae1a02327f7e53a1c819d349c9c7b8922c

    • SHA512

      c3623d90283f40addc84f69a47a6d9acbf1c44bab0e4eb1db7d388ae714bf6bbb169db68c012dfea2db1cf529369a1ca99cd05c0c5fdc3b77a6106573b36564c

    • SSDEEP

      1536:oURnttzJjRwuLjZiYxn95rmYHWc0xacYSDJmcBUwicA:oqDjZ3Wc0xagJmoUwicA

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/fr_FR.json

    • Size

      119KB

    • MD5

      1aa847a8aad290d94d2cfdf35b19ee87

    • SHA1

      5a8aced9f831b307324bfa7eb1c28a042f8e31be

    • SHA256

      aa26a81ed0092061f6195e96fb7aa183020ec69b39ac7408de844733b5d07e6a

    • SHA512

      bde63eedf3b8ae85b38ffec144c717f117963511ed18e7316fa8bba3f09ad18f3d9f179e834de0de7ab3f38edf031dcf460b069365e305022a5c81ece8b8ed3b

    • SSDEEP

      1536:bnPZ0nUUgWB1v87+IUWNA9kCWcaW1aqSmjA:7VA9kojA

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/ru_RU.json

    • Size

      126KB

    • MD5

      c12d64f7c36a36c453f173a637ee60c2

    • SHA1

      d8d40a13ce46042375cca03036af880342033b74

    • SHA256

      7e8329208cef5763a0be0f59985b22547ddb091f315868d0181943e76b2f1588

    • SHA512

      5074c68bd680c4834eb885df5c0d18e5957b2c94836a66a8c737da2131d3f17e551bee4414330dde9721b0ed2b0886a588d35ddb5c6f9fbb5c74cc3fdd70c8ac

    • SSDEEP

      1536:zp0zasru8IMgpSYxK95Gvxc0xab8YSmJScBUwi6A:zpSzu8IMg9xc0xabpJSoUwi6A

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/tr_TR.json

    • Size

      118KB

    • MD5

      cff3626ca031beb76efede3efe9451dc

    • SHA1

      47832f6b5c50aff8744e93e91c12ade1b99d293d

    • SHA256

      ee858edbae732c5ac29cd28a3218b36bd03c4b412f31574af9ebf6ec10570dee

    • SHA512

      520d9d386cef1219c03ab1758243648be52c1f1ab595c4b3df9eca21145718b2d50925517fb7556ac93a78fc8829a61c1e430d3d65b2ba31b06674cf3c1a29b8

    • SSDEEP

      768:P3UZ9Vc1IYKXtVy4Gg0oRLIX582xVNAsKZrUnMTpTlkxzIY/znznv1KoA9DGHNv7:mVc1Hj4Gg0oRLIq2xZKyMTpTyfpVMY4A

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/zh_CN.json

    • Size

      117KB

    • MD5

      d0c28e17fa52928525cf25979a71e15f

    • SHA1

      b5b2d6cadd6b8f8e4f81c546133152fd9d341eee

    • SHA256

      104866687f05bdaf158f4a8262494b698644ac3ae24e62f1b246b711096ba6f1

    • SHA512

      5583f982eecf77fef138e65a596ef60376341929a500939c69396d07b9fede1cdc66e96909b2de9434ab1dac3aede1d4e1a0fda1978aa6b88b6463704841aed6

    • SSDEEP

      768:i/dZnzFdeGtFgfl45uYh6fiPP6crg8bmjFjNh:2zFdesF6yrg8bmjdf

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Language/zh_TW.json

    • Size

      117KB

    • MD5

      afe96010f00e2645439f4e558c639f21

    • SHA1

      69214b9b6eb45bb8cee01769c53cf9352a668d6b

    • SHA256

      1ee8079c70368f2134f8ff131436c67d05d2366ce0cb2fb578b73c4ad81c6794

    • SHA512

      1320e1d1f9e804849597ef1676887d0bc87f68f1fc8c65dd39a827f33e321793155405889acbb74953d0530704851794e08479ab965e5aa887eec12d3e038f56

    • SSDEEP

      768:X3e7EmwFxMTv1F4C+ieCdkZm85Z4CHNdq9jZec:ne7EpFqTv1F4dieAUtdq9jZ3

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Loader.exe

    • Size

      7.3MB

    • MD5

      4a8a6db2d0e2150fede36b9623402ccd

    • SHA1

      f7bc80687c3818ee723ecacc0e6611e630e805a7

    • SHA256

      1945f98ea4eeef0b062c7d8b72ed5101f648619d6e2f251ac849620641c9aafc

    • SHA512

      5fb121f1b915ce1716ea47bffc96549138f6acde3e42c3c92a1c0ef78e7ad1fcad644cb0351b5c9f5c608602d880ab47639c09a120f585224c3508ea8d8a1355

    • SSDEEP

      196608:gvYS6SOshoKMuIkhVastRL5Di3ue1D7305:CYSdOshouIkPftRL54fRE5

    • Command and Scripting Interpreter: PowerShell

      Executes a powershell.exe command line.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials.

    • Unsecured Credentials: Credentials In Files

      Reads credentials stored in unsecured files on disk.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      The executable is packed with UPX or a modified build of the UPX open-source packer.

    • Target

      <��S5W:.pyc

    • Size

      1KB

    • MD5

      1df4f341a4c461d359bbac8e332e3ae5

    • SHA1

      bd94603da46fd69ad41ba961fd2a95868db7013b

    • SHA256

      e43c6d85657a942dc7b2342caa7094bc2251c9cf90c892dde2dc0577c701d16b

    • SHA512

      7c28475fa8787e5f025bad1b6fe7caf10ba39f0873292d30f1f0dc7a0aaa0669a208ef0b6a5c7b28e3dc3915d4a6de03666db4a054e21517855ed90cfe0deb1b

    Score
    1/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Settings.json

    • Size

      2KB

    • MD5

      208145d69a913d91894d694cc91d8786

    • SHA1

      31a714e14dd2671ecec3f0946b3dfbd24548c458

    • SHA256

      0477071ba44749a30bdf3a47129d6ff29daf7acd804a4780b9341b0a3e2d1e04

    • SHA512

      9da1419d8ae3c3251411c7f54f32f591c5dd273b3b6e3e3d6a78c694ca20d1e24d964b49cd17cbaf2299e24343b815ff08d61c8425b5454dc678c73d4a50c620

    Score
    3/10
    • Target

      Dennis RDR2 Online Cheat V2.rar/Virtual-Key_Codes.png

    • Size

      116KB

    • MD5

      4a9e64b376142ec70c798dd1db86776d

    • SHA1

      7233851650b2175feb9adc1cbbe2ba2bb72edcf6

    • SHA256

      573bf32a40573430384d8d662bd333a46c6645188b5cb999d07c94eae9969d80

    • SHA512

      888f5071ffd5771dc88228363f06305f506c478b7ac92b4c9da3acf2b8280e68166920ba0f0dc7786207396cd6181e32803b06f6ae53f4c25d33250c4ddab6d7

    • SSDEEP

      3072:NLQ59GLjm3Gyzw8DtlniRSz9LxQhHbbz+:6amGYz99Q1+

    Score
    3/10
    • Target

      RDR2-Online-V2-v2--Cheat/README.md

    • Size

      151B

    • MD5

      d348895fc056906803f4002d73a0dce0

    • SHA1

      c5dd482dcbe75ab029c1f1e5cdc4e775df86a836

    • SHA256

      6599cbe3e87d97c073fb787829a45f5b440e955f57f2fb41e5e0a7c73ff3585d

    • SHA512

      79530fc31d6ee68d9219e5b926f2cdef8576cbdf02f502370f41d23e95da3c0ab6d0b85d9986911607b16eca42c8f82da80dcd45e0b82af9f54f6144ac987aca

    Score
    3/10
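The signature lists above for the zip and for Loader.exe report PowerShell being used to add Windows Defender exclusions, together with command obfuscation. The detector below is an added example written for this page; it is not part of the sandbox report and not code from the sample. It normalises a process-creation command line (backtick splitting, -EncodedCommand payloads) and pulls out every Add-MpPreference / Set-MpPreference exclusion parameter. The events, PIDs and paths are constructed for illustration and do not come from the report.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example for this report, not the sandbox's signature logic. The events
below are constructed to look like Sysmon Event ID 1 fields (ProcessId, Image,
CommandLine); none of them is taken from the sample.
"""
import base64
import re

# PowerShell resolves abbreviated parameter names when the prefix is unambiguous,
# so -ExclusionPa behaves like -ExclusionPath: match the prefix, not the full name.
_CMDLET = re.compile(r"\b(?:add|set)-mppreference\b", re.I)
_EXCLUSION = re.compile(
    r"-(exclusion[a-z]*)\s+"
    r"(?:\"([^\"]*)\"|'([^']*)'|([^\s\"'][^\"']*?)(?=\s+-|[\"';)]|\s*$))",
    re.I,
)
# powershell.exe accepts -e, -ec, -en, -enc, ... for -EncodedCommand. The pattern
# never matches -ex*, so -ExecutionPolicy and -ExclusionPath are left alone.
_ENCODED = re.compile(r"(?<!\S)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def normalize(cmdline: str) -> str:
    """Undo cheap command obfuscation so the matchers see plain text."""
    text = cmdline.replace("`", "")  # backtick splitting: A`d`d-MpPre`ference
    m = _ENCODED.search(text)
    if m:
        try:  # -EncodedCommand carries base64 of UTF-16LE script text
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-16le")
            text = text[: m.start()] + decoded + text[m.end():]
        except (ValueError, UnicodeDecodeError):
            pass  # not a real payload; keep the raw line
    return re.sub(r"\s+", " ", text).strip()


def find_defender_exclusions(cmdline: str) -> list[tuple[str, str]]:
    """Return (parameter, value) pairs for every exclusion the command adds.

    An empty list means Defender exclusions are not touched. Unquoted values
    are cut at the next ' -', so a path containing ' -' comes back truncated;
    treat the output as a triage hint, not as a parser of record.
    """
    text = normalize(cmdline)
    if not _CMDLET.search(text):
        return []
    hits = []
    for m in _EXCLUSION.finditer(text):
        value = next(g for g in m.groups()[1:] if g is not None)
        hits.append((m.group(1).lower(), value.strip()))
    return hits


def scan(events: list[dict]) -> list[dict]:
    """Attach the exclusions found to each event that adds any; drop the rest."""
    flagged = []
    for ev in events:
        found = find_defender_exclusions(ev["cmdline"])
        if found:
            flagged.append({**ev, "exclusions": found})
    return flagged


# Constructed events (not from the report). The third command is carried in
# -EncodedCommand form; the base64 is built here so that it is exact.
_ENC = base64.b64encode("Add-MpPreference -ExclusionPath C:\\Temp".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"pid": 4120, "image": "powershell.exe",
     "cmdline": 'powershell -NoProfile -Command "Add-MpPreference -ExclusionPath C:\\Users\\Public '
                '-ExclusionExtension .exe,.pyc -ExclusionProcess Loader.exe"'},
    {"pid": 4188, "image": "powershell.exe",
     "cmdline": "powershell -w hidden -c A`d`d-MpPre`ference -Exclu`sionPa $env:TEMP"},
    {"pid": 4201, "image": "powershell.exe", "cmdline": f"powershell -enc {_ENC}"},
    {"pid": 5000, "image": "powershell.exe", "cmdline": "powershell Get-MpPreference"},
    {"pid": 5100, "image": "cmd.exe", "cmdline": "tasklist /fo csv"},
]

if __name__ == "__main__":
    for ev in scan(SAMPLE_EVENTS):
        print(ev["pid"], ev["exclusions"])
```

Two caveats for anyone turning this into a production rule: the prefix match on -Exclusion* is deliberate, because PowerShell accepts any unambiguous abbreviation of a parameter name, and the command line is only one vantage point. Defender itself records preference changes in the Microsoft-Windows-Windows Defender/Operational log (Event ID 5007), which catches exclusions added through WMI or the Set-MpPreference API without any visible command line.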

MITRE ATT&CK Enterprise v15

Tasks

Task          Score  Tags
static1       10/10  blankgrabber
behavioral1    1/10
behavioral2    8/10  collection, credential_access, defense_evasion, discovery, execution, persistence, privilege_escalation, spyware, stealer, upx
behavioral3    1/10
behavioral4    1/10
behavioral5    3/10  discovery
behavioral6    3/10
behavioral7    3/10  discovery
behavioral8    3/10
behavioral9    3/10  discovery
behavioral10   3/10
behavioral11   3/10  discovery
behavioral12   3/10
behavioral13   3/10  discovery
behavioral14   3/10
behavioral15   3/10  discovery
behavioral16   3/10
behavioral17   3/10  discovery
behavioral18   3/10
behavioral19   3/10  discovery
behavioral20   3/10
behavioral21   7/10  upx
behavioral22   8/10  collection, credential_access, defense_evasion, discovery, execution, persistence, privilege_escalation, spyware, stealer, upx
behavioral23   1/10
behavioral24   1/10
behavioral25   3/10  discovery
behavioral26   3/10
behavioral27   1/10
behavioral28   3/10
behavioral29   3/10  discovery
behavioral30   3/10
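The behavioral21 and behavioral22 tasks above carry the upx tag, and the signature list notes UPX or modified UPX packing. As an added example for this page (not the sandbox's detector and not code from the sample), the following standard-library script parses a PE section table and tests the three cheap UPX indicators an analyst checks first: UPX0/UPX1 section names, the "UPX!" pack-header magic, and a first section with SizeOfRawData of zero, which stock UPX reserves for the unpacked image. The minimal PE image it runs against is constructed by build_fake_pe() in the script; it is not the Loader.exe from the report.

```python
"""Cheap UPX indicators from a PE section table (standard library only).

Added example for this report, not the sandbox's own detector. The PE image it
is exercised on is constructed by build_fake_pe() below and is not the sample.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"  # pack-header magic written by UPX into the PE image


def pe_sections(data: bytes) -> list[tuple[bytes, int, int, int, int]]:
    """Return (Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) per section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, num_sections, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + size_opt
    sections = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append((name.rstrip(b"\0"), vsize, vaddr, rsize, rptr))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Stock UPX is caught by section names; a renamed build by marker plus layout."""
    secs = pe_sections(data)
    upx_names = [s[0] for s in secs if s[0] in UPX_SECTION_NAMES]
    # Stock UPX leaves the first section with SizeOfRawData == 0 and a large
    # VirtualSize: the unpacked image is written there at run time. A modified UPX
    # usually renames UPX0/UPX1 but rarely changes this layout or drops the magic.
    empty_first = bool(secs) and secs[0][3] == 0 and secs[0][1] > 0
    marker = UPX_MAGIC in data
    return {
        "upx_sections": upx_names,
        "upx_marker": marker,
        "empty_first_section": empty_first,
        "verdict": bool(upx_names) or (marker and empty_first),
    }


def build_fake_pe(section_names, first_raw_size=0, marker=True) -> bytes:
    """Constructed, non-runnable PE32 image with the given section names (test input only)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    size_opt = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x1000
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x10000,
                             0x1000 * (i + 1), raw, 0x400 * (i + 1), 0, 0, 0, 0, 0xE0000040)
    tail = UPX_MAGIC + b"\0" * 28 if marker else b"\0" * 32
    return dos + b"PE\0\0" + coff + opt + table + tail


if __name__ == "__main__":
    cases = {
        "stock UPX": build_fake_pe([b"UPX0", b"UPX1", b".rsrc"]),
        "renamed sections": build_fake_pe([b".text", b".data", b".rsrc"]),
        "plain binary": build_fake_pe([b".text", b".data"], first_raw_size=0x2000, marker=False),
    }
    for label, img in cases.items():
        print(f"{label:18} {upx_indicators(img)}")
```

These indicators are enough to confirm the tag on a sample like this one, but a packer that strips the magic and pads the first section with junk defeats all three; section entropy and an actual unpack attempt (upx -d, or a dynamic dump) are the next steps when the heuristics disagree with behaviour.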