Analysis
-
max time kernel
30s -
max time network
33s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
30/01/2023, 12:06
General
-
Target
Steam Machine Checker/Steam Machine Checker/Steam Machine Checker.exe
-
Size
858KB
-
MD5
669fabfda5514cd557150d678226b0e2
-
SHA1
60cd496831da31abc1b0867fc9aefa87d1294c36
-
SHA256
82e9cb3ae011c0b498153d895873dfad35abb9be14d1fa696d92f921b34b3e22
-
SHA512
09093942e206a71d3ea3b5b5e209903490174a5bfb6f912499399cba487631e53813bbf8656461d6c1f1aa5cef0ff290e1733e4fc8212eeb28230349e05c8a0f
-
SSDEEP
12288:mHyVa8ngAu2b3BhxN6qjziyoNL4bVwBJ4p31:fgpE3XxNdj4L48Jm
Malware Config
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 36 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Steam Machine Checker\Steam Machine Checker\Steam Machine Checker.exe"C:\Users\Admin\AppData\Local\Temp\Steam Machine Checker\Steam Machine Checker\Steam Machine Checker.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Google Chrome.exe"C:\Users\Admin\AppData\Roaming\Google Chrome.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Steam Machine Checker\Steam Machine Checker\SteamMachine[x86].exe"C:\Users\Admin\AppData\Local\Temp\Steam Machine Checker\Steam Machine Checker\SteamMachine[x86].exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
57KB
MD59e7f44b8f1512476aa896e977c58830b
SHA1eddd878d9e16502ee1eb7f583dd04e01b458ba42
SHA2568e6195b50bb0d22e4d346263f708f166db726c84884fe78a6bb477caed19e708
SHA512ea52b71dc58e081d0e6c1336e7bf8422d7240c8a502c790075c6ebfe88f8ff70cd2bf43d34b8c604c08d867202359f8bd35c3a0b8d2eefefe826ccd2e5c8c802
-
Filesize
415KB
MD5067a03373e2853841472022f821793fd
SHA1f6a0b2baae5c5e61a6ed8903cbb54685497605a9
SHA2560231117ffb874dcfeaa0740f54a44788d3e49ebdce2f97ab6d8b688b424a0f27
SHA5120b8f11020546ecf83d8e20cb25b9b22ae34eac6a30a5819d7a454fde0021a018a0e2e47d5e383f75d0b5898ccbde9470031cf81e2a849e84fbbf6320654fc979
-
Filesize
415KB
MD5067a03373e2853841472022f821793fd
SHA1f6a0b2baae5c5e61a6ed8903cbb54685497605a9
SHA2560231117ffb874dcfeaa0740f54a44788d3e49ebdce2f97ab6d8b688b424a0f27
SHA5120b8f11020546ecf83d8e20cb25b9b22ae34eac6a30a5819d7a454fde0021a018a0e2e47d5e383f75d0b5898ccbde9470031cf81e2a849e84fbbf6320654fc979
-
Filesize
403KB
MD5f903148b5a0c07db2c61ce05fa5c7db2
SHA1b636a8bf5769f7fe27c263eab54026ac03732ad4
SHA2562999cb6a5b4a9d38c8f85c1b24a6574147c12c90b4a36e5a81c7aa9c7eecfe3d
SHA5123abb409a61e167f60af116cd2191435bdc7876ce5483905bd944a01dec2c41e5736ae4ffeb628ea74eeef205e7b5e0c0e04520b58e14aa3240bf9a2de0dfd9b9
-
Filesize
403KB
MD5f903148b5a0c07db2c61ce05fa5c7db2
SHA1b636a8bf5769f7fe27c263eab54026ac03732ad4
SHA2562999cb6a5b4a9d38c8f85c1b24a6574147c12c90b4a36e5a81c7aa9c7eecfe3d
SHA5123abb409a61e167f60af116cd2191435bdc7876ce5483905bd944a01dec2c41e5736ae4ffeb628ea74eeef205e7b5e0c0e04520b58e14aa3240bf9a2de0dfd9b9
-
Filesize
240KB
-
Filesize
5.2MB
-
Filesize
424KB
-
Filesize
1.8MB
-
Filesize
6.1MB
-
Filesize
72KB
-
Filesize
1.0MB
-
Filesize
5.7MB
-
Filesize
584KB
-
Filesize
1.1MB
-
Filesize
40KB
-
Filesize
5.6MB
-
Filesize
152KB
-
Filesize
440KB