2ed4cfb162f0e3294823b18e6198465181c56e2d362b37f439c35f57fb92617a | Triage

Submit
Reports

Overview

overview

Static

static

1

FiveM.exe

windows7-x64

3

FiveM.exe

windows11-21h2-x64

Resubmissions

13-01-2025 23:39

250113-3nq46s1jdv 10

13-01-2025 23:24

250113-3dy22asqbl 10

Sharing

General

Target

FiveM.exe
Size

5.0MB
Sample

250113-3nq46s1jdv
MD5

357b5269f142658d15f2ee3f0ff949f4
SHA1

cfd0b2e11701095ed8e38c54c9a275125f989e9c
SHA256

2ed4cfb162f0e3294823b18e6198465181c56e2d362b37f439c35f57fb92617a
SHA512

3305293964364a9b72f30434834e8313883df8c125a40a4730b3795b27cdfe8deae5ebcfaa72f060b5e609764bb46c5a9872738fb691badee9106d78d1468498
SSDEEP

49152:aOjPWNYQnU9fL9qbD1hS29mcC8Nwc8wN+O7ghsm/746YJZPjW/fgUOXdmjYeL9Hq:nnoDwcKheknnKXthTqXXLyb1TFx

Score

10^/10

google riot steam discovery phishing

Static task

static1

Behavioral task

behavioral1

Sample

FiveM.exe

Resource

win7-20240708-en

windows7-x64

10 signatures

900 seconds

Behavioral task

behavioral2

Sample

FiveM.exe

Resource

win11-20241007-en

google riot steam discovery phishing

windows11-21h2-x64

25 signatures

900 seconds

Malware Config

Targets

- Target
  
  FiveM.exe
- Size
  
  5.0MB
- MD5
  
  357b5269f142658d15f2ee3f0ff949f4
- SHA1
  
  cfd0b2e11701095ed8e38c54c9a275125f989e9c
- SHA256
  
  2ed4cfb162f0e3294823b18e6198465181c56e2d362b37f439c35f57fb92617a
- SHA512
  
  3305293964364a9b72f30434834e8313883df8c125a40a4730b3795b27cdfe8deae5ebcfaa72f060b5e609764bb46c5a9872738fb691badee9106d78d1468498
- SSDEEP
  
  49152:aOjPWNYQnU9fL9qbD1hS29mcC8Nwc8wN+O7ghsm/746YJZPjW/fgUOXdmjYeL9Hq:nnoDwcKheknnKXthTqXXLyb1TFx
Score

10^/10

discovery google riot steam phishing
- Detected google phishing page
  phishing google
- Detected riot phishing page
  phishing riot
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Network Service Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

googleriotsteamdiscoveryphishing

© 2018-2025

Terms | Privacy