General

  • Target

    StreamFab 6.1.9.1 (x64) Multilingual [FileCR].zip

  • Size

    446.7MB

  • Sample

    240818-vb858atdjd

  • MD5

    20e92bd59ddcde2233002f6135401df8

  • SHA1

    a9fc8c5e0d58066bef487fb1de112b10fa509856

  • SHA256

    8ce919907ac2af679dc55962b89c83b9f76a51d0163ebf9a563fcaabfb3fa120

  • SHA512

    6e258c8562878e42c882147c43a144e537c4beef8feee47794b74f4d777eb0dd7663dd84c4480b799dbb275b6c0d28f5d76c54d5b4a95f26653b1cdc0ad334fc

  • SSDEEP

    12582912:BfkjTqWCN65+AHmkscyvZIeCfmG2xawP/T8CA:Wnlac+AXgZ7RG2xaq/TO

Malware Config

Targets

    • Target

      PYG64.dll

    • Size

      1.3MB

    • MD5

      7c113281e232ee4e81217048737520ba

    • SHA1

      f63d701fd81bbc9a03a8b43855aa6b5e694ab869

    • SHA256

      65da2ac4ef85238bf977e948b1f14a85f8d2dd35d00e93c6f2cf5e8f4cf1d5f3

    • SHA512

      d193d81f876ab662a6bcb24d442148e6826449a029e09271336c9a7730de5c22f195f431ebd13eb173574c4c0eefafdf6893a5bf245cdc07f127b16c77a254c2

    • SSDEEP

      24576:PyXrbprozekA3dJG7xjOeGtqYVYkXTY6TTdTatPo0QT0PiQjV6:PGVoyJ3C7xjTGtqYVYkXPlTaW9T036

    Score
    5/10
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      StreamFab64 Hijack Patch64.exe

    • Size

      2.3MB

    • MD5

      0544d91c6c1bed395e2b9728259b9056

    • SHA1

      aec213524485a4270e4e212fbb2e5e4ae665cad7

    • SHA256

      f6c360b509bd7dd2b99e066b989c32b1b3d104c8918ae31327340c5437ad5525

    • SHA512

      d67cebc26b6b97cec2b642c5a59faa2a4928d60fc099770a221c71ed4d23998a23ac23c99307b665277d5bf52a273c153876ad958c18fad9d845c4c49ce451dd

    • SSDEEP

      49152:k94SoRH2HQT4GVoyJ3C7xjTGtqYVYkXPlTaW9T03f:U4Dqyk7hTGtjVYktU

    Score
    1/10
    • Target

      uxtheme.dll

    • Size

      72KB

    • MD5

      3f1dee97780a85c3e270075af8104224

    • SHA1

      ba0c04ec297298fac90f05b457e015481fba7e11

    • SHA256

      234ee4ba8c095648bbf6e7ee0f2228933fe1584e3c4404d80f89f86304a9494f

    • SHA512

      a230968d6aea535a86a4ba5a8390d7089e7175c165e19756e8297e272eaedddd3564cf94ce678ac2013875805afdf068d7eb448ebbbaf95b4ba4ed25076c6d28

    • SSDEEP

      1536:8bFA65NcOBN61LeK6FuPZB1dQFw3AgLdQEieZhwH59pipxe0g:8bFAcmOrAtEuPZBJfiNiwH5V

    Score
    1/10
    • Target

      StreamFab 6.1.9.1 (x64) Multilingual/streamfab_x64_6191.exe

    • Size

      449.8MB

    • MD5

      09a2837d577ae7c9d3efc1151c0f07ad

    • SHA1

      e691b8f6ea1cead80f45a816eec9dd321c4bab9f

    • SHA256

      e8be1009b4bd198c9a2dc249480db30f19533744363a3a180d55c14af02bc8b0

    • SHA512

      bcc2e0d915500171d9545517da2ea683785a34f8d1cdb5c3c0ad3f4e3df163c3d6601969147b93594dca74435554a890ce90b5171bc254f1cecc7ee1aa6e9099

    • SSDEEP

      12582912:KYalWwO9vHV1PxUDTW0TT8q85uMVTC1EsFvfrBBRxHcnms+BfN:Kbkf9t0THTYq8kzrBBRpcmFN

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks