General

  • Target: SteamTool.exe
  • Size: 6.9MB
  • Sample: 240619-1jawaaxdkk
  • MD5: 8329370648873513ab96c3754868c3d3
  • SHA1: b9efd90fb03979eb9025e1523170d550fc96cc07
  • SHA256: 1b113b3fc34dddb83d165a91e37bcf00afe61dbdf4be216e6ef518aeae7e47cf
  • SHA512: 37ad768407780a69b0c1ea0b45a1c1efef6f8d5e64cb959ff2dd690420a93a73399921f7e32e8f8d9cac2c366564266a2748720a956f7414fa651b42bd71ceb2
  • SSDEEP: 98304:g4kwN+MdA5wqMVD8MMhJMjarJaon7JPzf+JiUCS3swhzqgez7DoeZDJ1n6hBnLnf:g4V1IB6ylnlPzf+JiJCsmFMvNn6hVvTP

Malware Config

Targets


    • Command and Scripting Interpreter: PowerShell
      Executes commands via powershell.exe.
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • UPX packed file
      Detects executables packed with the open-source UPX packer or a modified UPX variant.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Hide Artifacts: Hidden Files and Directories

MITRE ATT&CK Enterprise v15

Tasks