General
- Target: SteamtoolsSetup.exe
- Size: 738KB
- Sample: 240816-mjzbzstejp
- MD5: a1451950de0b25317f26d567ce5dd2e0
- SHA1: c3cba823466a1b8edfd21fe07f1b78c785b077b1
- SHA256: e3c542c8348950b0f902cace35ac683d39c0e4bd9071ef72460b851878ab4ec3
- SHA512: 05834bfbc0307b4d9738f645a1238084d38921ac48541e0cfb9b170843c6c36d2ff988e3a1e65cbf4715107689f37eee071befa3181c910750f61937b015bfdb
- SSDEEP: 12288:oVvtmEkkwJNf9n6eGsZBbh+I/vWt1UwI3kj34kGDzPnDpIMeUdLoBsO29Tjv:oVvtmEkVJNf9ntGsZBMyvWt1Oe8PnD6I
Static task
- static1

Behavioral task
- behavioral1
  - Sample: SteamtoolsSetup.exe
  - Resource: win7-20240704-en

Behavioral task
- behavioral2
  - Sample: SteamtoolsSetup.exe
  - Resource: win10v2004-20240802-en
Malware Config

Targets
- Target: SteamtoolsSetup.exe
- Size: 738KB
- MD5: a1451950de0b25317f26d567ce5dd2e0
- SHA1: c3cba823466a1b8edfd21fe07f1b78c785b077b1
- SHA256: e3c542c8348950b0f902cace35ac683d39c0e4bd9071ef72460b851878ab4ec3
- SHA512: 05834bfbc0307b4d9738f645a1238084d38921ac48541e0cfb9b170843c6c36d2ff988e3a1e65cbf4715107689f37eee071befa3181c910750f61937b015bfdb
- SSDEEP: 12288:oVvtmEkkwJNf9n6eGsZBbh+I/vWt1UwI3kj34kGDzPnDpIMeUdLoBsO29Tjv:oVvtmEkVJNf9ntGsZBMyvWt1Oe8PnD6I
Score: 8/10

Signatures
- Downloads MZ/PE file
- Drops file in Drivers directory
- Sets service image path in registry
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
- Privilege Escalation
  - Boot or Logon Autostart Execution (2)
    - Registry Run Keys / Startup Folder (2)
- Defense Evasion
  - Modify Registry (4)
  - Subvert Trust Controls (1)
    - Install Root Certificate (1)