d29aa7378f7af6bec15789ad03d3591e075bc0f31915b799ee1c4b0b233c4136 | Triage

Sharing

General

Target

PSPO_Fix_Repair_Steam_V3_Generic.rar
Size

20.4MB
Sample

240515-nr5z6sfe51
MD5

c96d3470e2e0987befdca60fa21f0aa7
SHA1

baae18b8e8760ce50e8066bcb87cc9ba10953348
SHA256

d29aa7378f7af6bec15789ad03d3591e075bc0f31915b799ee1c4b0b233c4136
SHA512

82096e76fef6853046213c867309cb8f592fea8c2290a856f06acf6e7492982337d5f32ce4f1c28d62bacd537be41d0c1225ae738cbfcb8d278abf534dd36480
SSDEEP

393216:FbvIIvhVgxF7UGkdXJYWOO/VBBqBBqs8DqyMzDhftSd+ugBNd6PqcjnlLiRaFV10:VJCF7URd5YWOuBBq2ky691SdzIdDcDlK

Score

6^/10

evasion trojan

Malware Config

Targets

- Target
  
  Boston/Binaries/Win64/EOSAuthHooker64.dll
- Size
  
  3.5MB
- MD5
  
  cfb3bd376ac9783644702562210b9eda
- SHA1
  
  9550438a65ea4aa1d757e92180e723a31f5f4b8d
- SHA256
  
  9b56ac0b08ee72475219b930d7956d6e987fee26b24bd907a5777fcfa976eaa2
- SHA512
  
  a3a273fd8acaa1d206f2df8cb0c4bd1d95a52927198f965ea7a3dec7b0d87f460d5e942dd7bd527a1d1e3684b1367be8244ff359b126cbb290ff25214da6910a
- SSDEEP
  
  98304:w5fYuelregksIDt8qveC52reSTnpq5ovck:w1YllDPIDSba2rdTpHvc
Score

1^/10
behavioral1 behavioral2
- Target
  
  Boston/Binaries/Win64/EOSSDK-Win64-Shipping.dll
- Size
  
  22.3MB
- MD5
  
  273b13abfb26ed25e27de47c080ac8d0
- SHA1
  
  9176f6d58e46153342d7b065d279636df8298603
- SHA256
  
  2c9b0fab80f81b813d69afa53e18c612cfcd32b37f41711f4e27210dfbd60fda
- SHA512
  
  ee8b40019dc0e366ea3cacbea5fa6c2ef89f36866550cdb4d37d9d4bbd50a0b5583e7b5a54fac7e9099a529275a16cd27eb3b7536a1a82b025ac8ae422e99bce
- SSDEEP
  
  393216:ZrMq+l268PXx8JkejIRen5Myq0ud8+7v/i1:ZgmRg5Wv/i
Score

1^/10
behavioral3 behavioral4
- Target
  
  Boston/Binaries/Win64/OnlineFix.ini
- Size
  
  928B
- MD5
  
  bbf2ab4fb03d26980400a868fe0044e5
- SHA1
  
  006f563ff32ffdb28b0201f30aa3bce8bdce4fa7
- SHA256
  
  4b54bdd807ecb5578a86e5a44f86055ff14fe06ea4f1f100f38a5362bcfb1d36
- SHA512
  
  2842f18e0b192c780098688a7aa176b01a9f11e5b50b47246cffd7b3d0afe39b56ac9fcbbadc69d721d17b8e3f9352e71f5f40aa1180986a6b042bd1a3b86824
Score

1^/10
behavioral5 behavioral6
- Target
  
  Boston/Binaries/Win64/OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral7 behavioral8
- Target
  
  Boston/Binaries/Win64/OnlineFix64.dll
- Size
  
  11.4MB
- MD5
  
  47405758b967aa564aeb20fddf06ed77
- SHA1
  
  1d9f52eedbc5f5d7df844baa0b9a9094a4c1a278
- SHA256
  
  14232bd5332d950291bc419d3dba5d8794079adfe108a3fd0688af8a01ca5e6b
- SHA512
  
  77a5b85093d797aff5a02fee74fede49dd24f736c10660167ecc49a10fca7715e5bf107e9318143858a24c8bdb93c4c8442388154ddb4290a7f7ace07df1e3ab
- SSDEEP
  
  196608:L15lPjdkENulnJCLYG+ag8WraGyI0s111IwR+QfgpjHh93OoE9KmG67os:55LkyYP8WrLyIn1uw/IzOYZ
Score

1^/10
behavioral10 behavioral9
- Target
  
  Boston/Binaries/Win64/StubDRM64.dll
- Size
  
  99KB
- MD5
  
  ea4f734941abc5c64633e83b2eaa6db1
- SHA1
  
  c89bb08fd717c846f0c6d44d38f647d68cd7c30c
- SHA256
  
  c44ce43eafddf6981ddfb7060eb01d70b0a0b7498a5a114e9fd0a240e6a97e9e
- SHA512
  
  3cd14d3c170521eeaf81cc8f82d7e2202d2ab74d17b98de930de3961444c9f3ed3595b57c01f09b62a056b76657217c7179c3165a8006c1c6d5d8bf0ed3148a0
- SSDEEP
  
  1536:8renqwn4nLCWS9pqSoLDuODBEaiclO0J9dsWaRd09dlAH1tq:Qenqwn4nLhqqhLtDBEaicDj6LMWH1t
Score

1^/10
behavioral11 behavioral12
- Target
  
  Boston/Binaries/Win64/dlllist.txt
- Size
  
  51B
- MD5
  
  ce6797c8e6798cb56c208a9c0014e44b
- SHA1
  
  013fa094ec64708b81eebeb49cc2454d0e8a50eb
- SHA256
  
  de326868d97ac9391afd1e3c36ff13b02989e087601671b1095dfac92c172a3d
- SHA512
  
  19c656a1c0afc6650d092a79befea92e5d00803859357128aff9e2783a2942684a10e84d391ddac31173adac1e15f080642998c1e013e22569c03a35b4f0d967
Score

1^/10
behavioral13 behavioral14
- Target
  
  Boston/Binaries/Win64/winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral15 behavioral16
- Target
  
  Engine/Binaries/ThirdParty/Steamworks/Steamv151/Win64/steam_api64.dll
- Size
  
  259KB
- MD5
  
  cbc8b390e065c29572494901b151989e
- SHA1
  
  238243867b2f2daf54ac0dd5f3b68f9d99f8abaf
- SHA256
  
  ca1fa9a7609ab10b7926400559cf073e5888423cc156af72c6027d72a89eea73
- SHA512
  
  e8deb190d9b00d9931f480754cd46b0fa16c4080bf12c25d024ee2c14e75e27a7ed9f9b357a456037c9123537910d5186b7361f359d44a25b175f55bfb9affa7
- SSDEEP
  
  3072:WZz7iKHWadsCKUB6/KuBHlvdXGFcKLF65lhTbCNTnJvxfyN+ve2UhMBCcJo5gDst:+7i6ddsCKg6/KuBFFXyDyEBCcUb
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18