
Real SOC Investigation: Detecting an Infostealer Disguised as a Fake GTA 6 Installer in Under 4 Minutes
Tags: Malware, Cybersecurity, Threat Intelligence, Incident Response, SOC, Infostealer
A user downloaded and executed an unsigned 'GTA6_Setup_Crack_2026.exe' file, which spawned hidden PowerShell processes, dropped an unsigned binary (vcruntime_update.exe) into AppData, and created persistence via a registry Run key and scheduled task. The malware accessed browser credential stores (Chrome, Edge, Firefox), compressed the data into a ZIP file, and attempted to upload it to panelgtasupport[.]top before being blocked. The attack involved DNS queries to four gaming-themed domains linked to command-and-control (C2) infrastructure. The entire infection-to-detection timeline lasted under four minutes.
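As an added example (not code from the original write-up), the Python below correlates constructed Sysmon-style endpoint events into the stages summarised above and alerts only when several of them appear together on one host. The event schema, user name, PIDs and script name are assumptions; the installer name, dropped binary, Run key, browser stores and upload domain are the ones the summary names.

```python
"""Correlate Sysmon-style endpoint events into the chain described above: unsigned
installer -> hidden PowerShell -> AppData drop -> Run key / schtasks -> credential
store reads -> ZIP staging -> upload to the named domain. All events are constructed."""
import re
KNOWN_C2 = {"panelgtasupport.top"}                      # the one domain the write-up names
CRED_STORES = ("Login Data", "logins.json", "key4.db")  # Chrome/Edge and Firefox store files

def hidden_powershell(ev, by_pid):
    """PowerShell launched with a hidden window by an unsigned parent process."""
    parent = by_pid.get(ev.get("ppid"), {})
    return (ev["type"] == "process" and parent.get("signed") is False and
            re.search(r"(?i)powershell.*-w(indowstyle)?\s+h(idden)?", ev["cmd"]) is not None)

STAGES = {
    "hidden_powershell": hidden_powershell,
    "unsigned_appdata_drop": lambda ev, _: (ev["type"] == "file_create" and "\\appdata\\"
        in ev["path"].lower() and ev["path"].lower().endswith(".exe") and ev.get("signed") is False),
    "run_key_persistence": lambda ev, _: (
        ev["type"] == "registry" and "\\currentversion\\run\\" in ev["key"].lower()),
    "scheduled_task": lambda ev, _: (ev["type"] == "process"
        and "schtasks" in ev["image"].lower() and "/create" in ev["cmd"].lower()),
    "browser_cred_access": lambda ev, _: (
        ev["type"] == "file_read" and ev["path"].endswith(CRED_STORES)),
    "archive_staging": lambda ev, _: (
        ev["type"] == "file_create" and ev["path"].lower().endswith(".zip")),
    "exfil_attempt": lambda ev, _: ev["type"] == "network" and ev["dest"] in KNOWN_C2,
}

def detect(events, threshold=3):
    """Return (stages_seen, alert); requiring >= threshold stages keeps a lone
    Run-key write or a single PowerShell launch from paging the SOC."""
    by_pid = {ev["pid"]: ev for ev in events if ev["type"] == "process"}
    hits = [name for name, check in STAGES.items() if any(check(ev, by_pid) for ev in events)]
    return hits, len(hits) >= threshold

# Constructed sample telemetry for one host; user name, PIDs and script name are made up.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "ppid": 880, "signed": False, "cmd": "GTA6_Setup_Crack_2026.exe",
     "image": r"C:\Users\alice\Downloads\GTA6_Setup_Crack_2026.exe"},
    {"type": "process", "pid": 4188, "ppid": 4120, "signed": True, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -WindowStyle Hidden -NoProfile -File stage2.ps1"},
    {"type": "file_create", "pid": 4188, "signed": False, "path": r"C:\Users\alice\AppData\Roaming\vcruntime_update.exe"},
    {"type": "registry", "pid": 4188, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\vcruntime"},
    {"type": "process", "pid": 4201, "ppid": 4188, "signed": True, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r"schtasks /create /tn vcruntime /sc onlogon /tr C:\Users\alice\AppData\Roaming\vcruntime_update.exe"},
    {"type": "file_read", "pid": 4250, "path": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_create", "pid": 4250, "path": r"C:\Users\alice\AppData\Local\Temp\out.zip"},
    {"type": "network", "pid": 4250, "dest": "panelgtasupport.top", "port": 443},
]
```

Running `detect(SAMPLE_EVENTS)` reports all seven stages and raises the alert, while the registry write and schtasks launch on their own stay below the threshold.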