Resubmissions

16-08-2024 10:54  240816-mzm9navckn  8
16-08-2024 10:53  240816-mzcsxsvcjr  3
16-08-2024 10:30  240816-mjzbzstejp  8

General

  • Target: SteamtoolsSetup.exe
  • Size: 738KB
  • Sample: 240816-mjzbzstejp
  • MD5: a1451950de0b25317f26d567ce5dd2e0
  • SHA1: c3cba823466a1b8edfd21fe07f1b78c785b077b1
  • SHA256: e3c542c8348950b0f902cace35ac683d39c0e4bd9071ef72460b851878ab4ec3
  • SHA512: 05834bfbc0307b4d9738f645a1238084d38921ac48541e0cfb9b170843c6c36d2ff988e3a1e65cbf4715107689f37eee071befa3181c910750f61937b015bfdb
  • SSDEEP: 12288:oVvtmEkkwJNf9n6eGsZBbh+I/vWt1UwI3kj34kGDzPnDpIMeUdLoBsO29Tjv:oVvtmEkVJNf9ntGsZBMyvWt1Oe8PnD6I

Targets

    • Target: SteamtoolsSetup.exe (hashes as listed under General above)

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Sets service image path in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Detected potential entity reuse from the brand Steam (the sample's name imitates a Steam-related installer)

    • Drops file in System32 directory
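The two things a responder does with a report like this are (a) confirm that a file found on a host is the same sample by checking every listed digest, and (b) turn the behaviour signatures above into detection logic that can be replayed over endpoint telemetry. The script below is an added example written for this page; it is not the sandbox's own signature code. The event line format, the process IDs and every path in SAMPLE_EVENTS are constructed for the example, and the registry key used for the "location settings" signature (Control Panel\International\Geo\Nation) is an assumption about what the sandbox reads, not something the report states.

```python
"""Triage helpers for the SteamtoolsSetup.exe report (added example, not sandbox code).

Part 1 verifies a file against the digests the report lists.
Part 2 replays constructed sandbox-style events ("pid|operation|path") and
reproduces the behaviour signatures the report flags, including the stateful
ones (a process or DLL is only "dropped" if this trace saw it being written).
"""
import hashlib
import re
from typing import Dict, List, Optional

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "a1451950de0b25317f26d567ce5dd2e0",
    "sha1": "c3cba823466a1b8edfd21fe07f1b78c785b077b1",
    "sha256": "e3c542c8348950b0f902cace35ac683d39c0e4bd9071ef72460b851878ab4ec3",
    "sha512": "05834bfbc0307b4d9738f645a1238084d38921ac48541e0cfb9b170843c6c36d2ff988e3a1e65cbf4715107689f37eee071befa3181c910750f61937b015bfdb",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digest set the report lists for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only when every digest agrees; a single mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def brand_reuse(filename: str, brands=("steam",)) -> Optional[str]:
    """Name-based check behind 'entity reuse from brand': the file name borrows a brand."""
    low = filename.lower()
    return next((b for b in brands if b in low), None)


# Registry and file-system patterns behind each signature (case-insensitive).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
SERVICE_IMAGE = re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I)
UNINSTALL = re.compile(r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
GEO_NATION = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)  # assumed key
DRIVERS_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\drivers\\", re.I)
SYSTEM32_DIR = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map 'pid|op|path' event lines to the report's signature names."""
    dropped = set()                     # lower-cased paths this trace saw written
    hits: Dict[str, List[str]] = {}     # insertion order = order first observed

    def flag(sig: str, path: str) -> None:
        hits.setdefault(sig, []).append(path)

    for line in lines:
        _pid, op, path = line.strip().split("|", 2)
        low = path.lower()
        if op == "WriteFile":
            dropped.add(low)
            if DRIVERS_DIR.search(path):
                flag("Drops file in Drivers directory", path)
            elif SYSTEM32_DIR.search(path):
                flag("Drops file in System32 directory", path)
        elif op == "RegSetValue":
            if RUN_KEY.search(path):
                flag("Adds Run key to start application", path)
            if SERVICE_IMAGE.search(path):
                flag("Sets service image path in registry", path)
        elif op in ("RegQueryValue", "RegEnumKey"):
            if GEO_NATION.search(path):
                flag("Checks computer location settings", path)
            if UNINSTALL.search(path):
                flag("Checks installed software on the system", path)
        elif op == "ProcessCreate" and low in dropped:
            flag("Executes dropped EXE", path)
        elif op == "LoadImage" and low in dropped and low.endswith(".dll"):
            flag("Loads dropped DLL", path)
    return hits


# Constructed trace for the example; not the sandbox's recorded events.
SAMPLE_EVENTS = [
    r"1000|RegQueryValue|HKCU\Control Panel\International\Geo\Nation",
    r"1000|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam",
    r"1000|WriteFile|C:\Users\user\AppData\Local\Temp\steamtools_core.dll",
    r"1000|WriteFile|C:\Windows\System32\drivers\steamtools.sys",
    r"1000|WriteFile|C:\Windows\System32\stcfg.dat",
    r"1000|RegSetValue|HKLM\SYSTEM\CurrentControlSet\Services\steamtools\ImagePath",
    r"1000|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Steamtools",
    r"1000|WriteFile|C:\Users\user\AppData\Local\Temp\st_update.exe",
    r"1000|ProcessCreate|C:\Users\user\AppData\Local\Temp\st_update.exe",
    r"1001|LoadImage|C:\Users\user\AppData\Local\Temp\steamtools_core.dll",
    r"1001|WriteFile|C:\Users\user\Documents\notes.txt",   # benign, must not fire
]


def run_sample() -> Dict[str, List[str]]:
    return triage(SAMPLE_EVENTS)


if __name__ == "__main__":
    print("brand reuse:", brand_reuse("SteamtoolsSetup.exe"))
    for sig, paths in run_sample().items():
        print(f"{sig}: {paths}")
```

The "Downloads MZ/PE file" signature is deliberately absent: it needs network captures, which this event model does not carry. Note that the "dropped" correlation is per trace, so a DLL loaded from a path nothing in the trace wrote is not flagged, which is the behaviour you want when replaying partial EDR telemetry.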
