7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

Sharing

Copy URL

Twitter E-mail

General

Target

SteamSetup.exe
Size

2.3MB
Sample

240529-ypa25afh4w
MD5

1b54b70beef8eb240db31718e8f7eb5d
SHA1

da5995070737ec655824c92622333c489eb6bce4
SHA256

7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512

fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
SSDEEP

49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

Score

7^/10

Malware Config

Targets

- Target
  
  SteamSetup.exe
- Size
  
  2.3MB
- MD5
  
  1b54b70beef8eb240db31718e8f7eb5d
- SHA1
  
  da5995070737ec655824c92622333c489eb6bce4
- SHA256
  
  7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
- SHA512
  
  fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
- SSDEEP
  
  49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk
Score

4^/10
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/modern-header.bmp
- Size
  
  25KB
- MD5
  
  da3486d12bb4c8aec16bd9e0d363d23f
- SHA1
  
  863244a4845c9d5dea8dd36e1083f5639e1224e1
- SHA256
  
  d93b76d51bd2214fa6e999c1bf70b4aff5165a6542f9b9b2a92b5672601f4624
- SHA512
  
  8e40adb65a4ad46f3bc5920d7fd8294397268e754b1eb00d4f7b0883be6468448033d9a46cf3a00fccddb4a7c81e7f984cf5a25731532c1aeface69573dfe59f
- SSDEEP
  
  96:iAwofR7VVNRn5/7hY0buGRGGM/o3FYsIR:YWxvN//7a0buGRGGTdm
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/modern-wizard.bmp
- Size
  
  150KB
- MD5
  
  3614a4be6b610f1daf6c801574f161fe
- SHA1
  
  6edee98c0084a94caa1fe0124b4c19f42b4e7de6
- SHA256
  
  16e0edc9f47e6e95a9bcad15adbdc46be774fbcd045dd526fc16fc38fdc8d49b
- SHA512
  
  06e0eff28dfd9a428b31147b242f989ce3e92474a3f391ba62ac8d0d05f1a48f4cf82fd27171658acbd667eaffb94cb4e1baf17040dc3b6e8b27f39b843ca281
- SSDEEP
  
  48:ZQEM+jeAwtwVUoYxq+HQiNE/7o+f3cbqBtpozK8lHl/GGKOFHNPf33zFYsvwL:ZkWeftwV1enu/7ozCeu8RGGvP/jFYsv
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5 behavioral6
- Target
  
  public/steambootstrapper_brazilian.txt
- Size
  
  4KB
- MD5
  
  0340d1a0bbdb8f3017d2326f4e351e0a
- SHA1
  
  90d078e9f732794db5b0ffeb781a1f2ed2966139
- SHA256
  
  0fcd7ae491b467858f2a8745c5ecdd55451399778c2119517ee686d1f264b544
- SHA512
  
  9d23e020875ed35825169a6542512ec2ffdb349472a12eb1e59ddc635e57c8fd65fa919873821e35c755aa7d027c9a62d3d0fa617340449d7b2c4cf8dd707e93
- SSDEEP
  
  96:3aArpYaRZ8hYzaAD25nDoVIPEPVIPErKOo8D85e:Gar8iRCNDVPXP738D85e
Score

1^/10
behavioral7 behavioral8
- Target
  
  public/steambootstrapper_bulgarian.txt
- Size
  
  6KB
- MD5
  
  4c81277a127e3d65fb5065f518ffe9c2
- SHA1
  
  253264b9b56e5bac0714d5be6cade09ae74c2a3a
- SHA256
  
  76a6bd74194efd819d33802decdfddaae893069d7000e44944dda05022cfa6d9
- SHA512
  
  be077b61f3b6d56a1f4d24957deaf18d2dff699bda6569604aac4f1edb57c3cfd0abc5e2a67809f72e31a90b4aed0813536c153886da2099376964c60e56001a
- SSDEEP
  
  192:sKVp+typPx7rYLxGnyVqY8WYw6i0KfBKKfg38m8i/:sKVpiqMLxGnyVq/YEWYWg38m8G
Score

1^/10
behavioral10 behavioral9
- Target
  
  public/steambootstrapper_czech.txt
- Size
  
  4KB
- MD5
  
  2158881817b9163bf0fd4724d549aed4
- SHA1
  
  c500f2e8f47a11129114ee4f19524aee8fecc502
- SHA256
  
  650a265dffdc5dc50200bb82d56f416a3a423eecc08c962cfd1ba2d40a1ff3f7
- SHA512
  
  f3594aad9d6c50254f690c903f078a5b7a58c33bd418abdad711ebb74cfbdb5564679593e08fb2d4378faaf4160d45e3d276ba1aa8a174ed77a5791bcac46f28
- SSDEEP
  
  96:20Az7xzQK8VzRZfVAxzPXRQjpqp/lSPxIjfiI7yOo8S8qQk:/Az9zozrdAZPXR6qOPOvO38S8qQk
Score

1^/10
behavioral11 behavioral12
- Target
  
  public/steambootstrapper_danish.txt
- Size
  
  4KB
- MD5
  
  03b664bd98485425c21cdf83bc358703
- SHA1
  
  0a31dcfeb1957e0b00b87c2305400d004a9a5bdb
- SHA256
  
  fdf7b42b3b027a12e1b79cb10ab9e6e34c668b04eb9e8a907d8611ba46473115
- SHA512
  
  4a8cdd4b98432ba9d9b36bc64aab9a2eab31a074d1cbdfab3d35a14216c60752b5580c41bbb70104993420043685d3bd47eb6637b8fcbb3f42f76a15e4be041d
- SSDEEP
  
  96:iKSCj4RjGEcH6RZY77p7zrOsLEPnvIBXKvI2BqOo8380Bg3:BJj4jGnH6rY77lrOxPnQoQmq38380By
Score

1^/10
behavioral13 behavioral14
- Target
  
  public/steambootstrapper_dutch.txt
- Size
  
  4KB
- MD5
  
  31a29061e51e245f74bb26d103c666ad
- SHA1
  
  271e26240db3ba0dcffc10866ccfcfa1c33cf1cc
- SHA256
  
  56c8a86fa95eab0d8f34f498e079b5516b96d2a2f1ad9c2a888555e50e47f192
- SHA512
  
  f85865c1e9ab45e5586d3dd2b45d15265193e8a3c34b6bb1ac7e415a1ea878cfb044e8e01012e917e4f00bb9e0a422f56253f328df1bac99a145e19433354cf8
- SSDEEP
  
  96:TnsaIWCk1TXfSRkAcXJNRZY/r/iza1GUNrzRxbM4x9yJs+Xc1AZqI79qIjiOo8nl:LsaIVATvycZNrY/KQyJs+ZZz79zji38l
Score

1^/10
behavioral15 behavioral16
- Target
  
  public/steambootstrapper_english.txt
- Size
  
  4KB
- MD5
  
  da6cd2483ad8a21e8356e63d036df55b
- SHA1
  
  0e808a400facec559e6fbab960a7bdfaab4c6b04
- SHA256
  
  ebececd3f691ac20e5b73e5c81861a01531203df3cf2baa9e1b6d004733a42a6
- SHA512
  
  06145861eb4803c9813a88cd715769a4baa0bab0e87b28f59aa242d4369817789f4c85114e8d0ceb502e080ec3ec03400385924ec7537e7b04f724ba7f17b925
- SSDEEP
  
  96:hSlb0IG997a8ICgARZ2pyUBnXPz5dc6LzIIivI/BxkHLs068:8lHmbICgAr2hJc6LkIiQ/DOLsV8
Score

1^/10
behavioral17 behavioral18
- Target
  
  public/steambootstrapper_finnish.txt
- Size
  
  4KB
- MD5
  
  9e62fc923c65bfc3f40aaf6ec4fd1010
- SHA1
  
  8f76faff18bd64696683c2a7a04d16aac1ef7e61
- SHA256
  
  8ff0f3cbdf28102ff037b9cda90590e4b66e1e654b90f9aea2cd5364494d02b7
- SHA512
  
  c8ff15373b37e848e6239a82424569e77c82a5fc557d17e7d2ed1d0d2b2f7d026cc1e2bc98cb5ee945c02cfefb82803c23fa6a26f48ff0adcf762f94cd5dd035
- SSDEEP
  
  96:OJCZC1RCSwhp1RZY/T4zcVYssvWIN71BIxZvaZIUZvaPOo8K8jbG:JkPwhp1rY/UcV0ALbYi38K8jK
Score

1^/10
behavioral19 behavioral20
- Target
  
  public/steambootstrapper_french.txt
- Size
  
  4KB
- MD5
  
  10c429eb58b4274af6b6ef08f376d46c
- SHA1
  
  af1e049ddb9f875c609b0f9a38651fc1867b50d3
- SHA256
  
  a1f6ba57ee41e009d904905c0ce5e75a59ee6790e08542561303109e1faafa13
- SHA512
  
  d8760f61760bffd8671b727d386ae220e7e6e68829a01553cfd5eb60ef8bd1d7c1b25e7b17a6db5bd17ba6712ef44999726764459318e784843c73bc4facaf46
- SSDEEP
  
  96:vk3l1CEN8RLcSMWPrfwgXWRZDbUvzBT5H5MEkJJIbcYIbsgqOo83fy8WJv:sVIEug0ETrDsB0EkQbclbsgq38Py8WJv
Score

1^/10
behavioral21 behavioral22
- Target
  
  public/steambootstrapper_german.txt
- Size
  
  4KB
- MD5
  
  5c026fd6072a7c5cf31c75818cddedec
- SHA1
  
  341aa1df1d034e6f0a7dff88d37c9f11a716cae6
- SHA256
  
  0828572e4fa00c186dbf1d9072a6154d65cb499c6a37e338f3305f77a2fee382
- SHA512
  
  f9d28714b2a05f8d9025f1692e4d7e8baa6daf6176353f65646a38814a242ef2adededa44419edd69f10cf96ffba506dab7cb6e52111457bf69cffef12174b12
- SSDEEP
  
  96:hn6e0CBtWTkRBtWTkcBMBcVRZY13nSYzBPCN0ayRzkxjhoG8IJ8N8S3vIKa3DOoo:h6erBtWwBtWDBMBcVrYF7+3tZcQTD38P
Score

1^/10
behavioral23 behavioral24
- Target
  
  public/steambootstrapper_greek.txt
- Size
  
  6KB
- MD5
  
  189ba063d1481528cbd6e0c4afc3abaa
- SHA1
  
  40bdd169fcc59928c69eea74fd7e057096b33092
- SHA256
  
  c0a7a1df442ac080668762df795c72aa322e9d415c41bd0a4c676a4dc0551695
- SHA512
  
  ce59ad9b17bab4de1254e92ce4fe7d8c8242832f62ab382e8f54199a9932cd11b5800cc33895441426373d5210cc74104e0271b721a7e26ed400b716ae4d5903
- SSDEEP
  
  192:xjAVmh67hMmrdtSIWdS0ZOfdS0ZQR38a8FN:gp8nOLQR38a8j
Score

1^/10
behavioral25 behavioral26
- Target
  
  public/steambootstrapper_hungarian.txt
- Size
  
  4KB
- MD5
  
  18aaaf5ffcdd21b1b34291e812d83063
- SHA1
  
  aa9c7ae8d51e947582db493f0fd1d9941880429f
- SHA256
  
  1f45bb7bdfa01424f9237eec60eba35dc7f0dc4e8c2e193fe768fe96d3ff76d5
- SHA512
  
  4f3e56d1abe26b56d3f805dc85baaca450c0c7bec57ebcf8a6bb6ebb8588307dad130c83bf792bac76694909a14fd6a4d7d1e9b31e32fba11256343b9fc18154
- SSDEEP
  
  96:ADKraKKnH5BpRZELDO1cMQzQNW3kjN7MIOjHfvMIOwuOo888OK:W+a5BprELDXMAQNnN1OjHfhOwu3888OK
Score

1^/10
behavioral27 behavioral28
- Target
  
  public/steambootstrapper_indonesian.txt
- Size
  
  4KB
- MD5
  
  1514d082b672b372cdfb8dd85c3437f1
- SHA1
  
  336a01192edb76ae6501d6974b3b6f0c05ea223a
- SHA256
  
  3b3c5c615fd82070cc951ab482d3de8cb12df0b3df59fbd11f9d3271fa2fbca4
- SHA512
  
  4d41c945ce7c94746875b0dbceb14811d4966de4e97fe047406a304162fde7e1e2a16367fc2e43978e2e5aa66749f036b4444aa2312673c2cc3af296e8b77f55
- SSDEEP
  
  96:avbCWRRc1yRZY+lDz+Xo2drTRw2IoMTb9ISQISXOo8V8El:o+2S1yrYWsEo0uWq38V8El
Score

1^/10
behavioral29 behavioral30
- Target
  
  public/steambootstrapper_italian.txt
- Size
  
  4KB
- MD5
  
  8958371646901eac40807eeb2f346382
- SHA1
  
  55fb07b48a3e354f7556d7edb75144635a850903
- SHA256
  
  b01ec64d75fd1fbd00fbeb45a3fb39244911a8b22bb43de4e0c03f205184f585
- SHA512
  
  14c5dbb017822336f22bf6779ccd4a66604ddc5f2c3caa24271e96f739fef007754d96844efa422d6682cbcd2d3bc902c36f0f6acb3eb87ed8d7b3f885973554
- SSDEEP
  
  96:5fTYcpLQ4J+4XRZauvgpJ2zyHTNb9eMuIluIVOo83zy8Xa6:xpkA3XrDQHlHV38Dy8Xa6
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32