3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

Sharing

Copy URL

Twitter E-mail

General

Target

SteamSetup.exe
Size

2.2MB
Sample

240212-y4apxabe61
MD5

70f3bc193dfa56b78f3e6e4f800f701f
SHA1

1e5598f2de49fed2e81f3dd8630c7346a2b89487
SHA256

3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1
SHA512

3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1
SSDEEP

49152:2DcHcEngZtNm1LQRHH4PTwZX6kg9hsf4lcszpyu7d/TC:rngZtNm1G4Pw6dJzZNTC

Score

6^/10

discovery persistence

Malware Config

Targets

- Target
  
  SteamSetup.exe
- Size
  
  2.2MB
- MD5
  
  70f3bc193dfa56b78f3e6e4f800f701f
- SHA1
  
  1e5598f2de49fed2e81f3dd8630c7346a2b89487
- SHA256
  
  3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1
- SHA512
  
  3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1
- SSDEEP
  
  49152:2DcHcEngZtNm1LQRHH4PTwZX6kg9hsf4lcszpyu7d/TC:rngZtNm1G4Pw6dJzZNTC
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  99KB
- MD5
  
  98a4efba4e4b566dc3d93d2d9bfcab58
- SHA1
  
  8c54ae9fcec30b2beea8b6af4ead0a76d634a536
- SHA256
  
  e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48
- SHA512
  
  2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0
- SSDEEP
  
  1536:Lyy+HcFWrX52XWcS15c4DBVOw/bEQvWt6uouMw5m0mhdBu4NpBTvO7Fvo6mVS6oN:Oy+8ozImcSNd1YHbMbC
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  0d45588070cf728359055f776af16ec4
- SHA1
  
  c4375ceb2883dee74632e81addbfa4e8b0c6d84a
- SHA256
  
  067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
- SHA512
  
  751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415
- SSDEEP
  
  192:ob8cSzvTyl4tgi8pPjQM0PuAg0YNyhIFtSP:mBSzm+t18pZ0WAg0RhIFg
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  c5b9fe538654a5a259cf64c2455c5426
- SHA1
  
  db45505fa041af025de53a0580758f3694b9444a
- SHA256
  
  7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7
- SHA512
  
  f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa
- SSDEEP
  
  96:xr7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkNL38:xxbGgGPzxeX6D8ZyGgmkN
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10
behavioral11 behavioral12
- Target
  
  Steam.exe
- Size
  
  4.1MB
- MD5
  
  b4411620a3551834e4f699cc5a9b27e6
- SHA1
  
  5093960cc86613e310d13770b5adef00fe93f3eb
- SHA256
  
  3caf4a246169b2d30c6bf18fa0b7a4a01bbe933cfb781f3da4c6b3cb67b59d04
- SHA512
  
  47dde07212c2d5eea548d7794fc6bb9d86ced9a0848aaeab81fa8844fc5cab7eac58e386e96a81c663b914c85c0a7116033e2b2cfd18559d40aa6c83f9a6c024
- SSDEEP
  
  98304:dDokH1WPirCS6Ijt91p2GWNzSC34g2FiiIk:ttHSiJXGNNiE/k
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral13 behavioral14
- Target
  
  bin/SteamService.exe
- Size
  
  2.7MB
- MD5
  
  2de3f7cf6020b3bb6bc4199459a63016
- SHA1
  
  8a30e5e333a353eb069ab961a4c1918fcbb44623
- SHA256
  
  f649f4a1d41cd442d5e3f079b1677442a2123eb494bda58ef866870b25915d7e
- SHA512
  
  5d1e016c731dd1bfaaf24fde9da4f453f71773a71db956290809eb82064fa0307874cd412be6ad98c4fdbb36e94cd8ae7aa27341aaa1f9f3f9e696afe0cca56e
- SSDEEP
  
  49152:EmvpI/M4M2YEOpBGcCxutN8Lf6vMTC4gbZtPW3bwDlmTbCeieU8K9f2ywH:Emv+M2CGZxY8Lf6L4gdw3b6mT7
Score

1^/10
behavioral15 behavioral16
- Target
  
  uninstall.exe
- Size
  
  139KB
- MD5
  
  4f009883567dfa9e908c5ffa25a2fa0a
- SHA1
  
  5848783144c5a04fd4fff71651e3195444156b03
- SHA256
  
  d0b0305b42c35716482a6aa08c8257c19aad225e3ffd9ab1f0de411d8b9e592e
- SHA512
  
  015e03849ccb6f646538ebb5a1f75bd973258564a4d2664f51da11e88316e9a3d2863de131f105daf2173a5c494e6c6bcc621c6952144ed4bf4bd2bbdec5ef6d
- SSDEEP
  
  3072:cAe+3aJpgWXTBuA/JFONMVRO9qyVK+J5n/79:/B+pgUXJFOSVAqyVK+J5nj9
Score

4^/10
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  0c44f21d4afc81cc99fac7cc35e4503a
- SHA1
  
  3d0d5c684df99a46510c0e2c0020163a9d11c08d
- SHA256
  
  8dc2be6679497994e3ddc97bc7bc1ce2b3c17ef3528b03ded6696ef198a11d10
- SHA512
  
  4e4bd35d6aa21cecbfe7a93a2ee7db8ee78ca710a4193dfe240d1067afbe10f61db332c1c85f6cc3ba404d895a959742401b615ef8ff5bd9028254c4a43a0923
- SSDEEP
  
  48:S46+/N3TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mCofjLl:zPuPbOBtWZBV8jAWiAJCdv2CmpL
Score

3^/10
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/ShellLink.dll
- Size
  
  4KB
- MD5
  
  d62d3e349689811f838dd10fb216eba1
- SHA1
  
  edcafd517860cb6b4bd299e20b17ad74a6fa2a5d
- SHA256
  
  5d103419245e2a5f124a96cace25d6836b2398edc0aa3919829b0fd6ad8b5d6a
- SHA512
  
  fc7d5826cb9f85068ea702f007920bf7ae63758d13c48761e83cc9e8ac06b231f40e17a9f3340d60d874ad2cf6e0991eb98a52cf893ab785489e0cdbbf294f88
- SSDEEP
  
  96:fQW7e3a0JF5jdrORE6C4tb+X+bzYz3Cl6nfkfLGpRO:4687JQCdiaR
Score

3^/10
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  c5b9fe538654a5a259cf64c2455c5426
- SHA1
  
  db45505fa041af025de53a0580758f3694b9444a
- SHA256
  
  7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7
- SHA512
  
  f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa
- SSDEEP
  
  96:xr7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkNL38:xxbGgGPzxeX6D8ZyGgmkN
Score

3^/10
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24