874788b45dfc043289ba05387e83f27b4a046004a88a4c5ee7c073187ff65b9d

Sharing

Copy URL Twitter E-mail

General

Target

Elden Ring - SteamSetup.exe
Size

1.7MB
Sample

240822-ykq8jsxdnk
MD5

29a0d4f99b2ad92bc67d276c0c43d603
SHA1

0308b646b70fa915c6fb1bc7df5212940c7a938e
SHA256

874788b45dfc043289ba05387e83f27b4a046004a88a4c5ee7c073187ff65b9d
SHA512

6ba31c8a9294f3d6e21639d9c87b2fa45b902367f8760a0be79b3ff8a8cb466470fef5c98b47cea77c7c16463a3b593a8bedaf2492853289fc9efac168f74ff9
SSDEEP

24576:UDlF7nwnEfxR6faGpt9jE+JgTsjOa5vJI4xFauhIOhGHEuzZgoSjSoosl:UDLXL6CkbE+6ojOaJJlYEor2Sobl

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  Elden Ring - SteamSetup.exe
- Size
  
  1.7MB
- MD5
  
  29a0d4f99b2ad92bc67d276c0c43d603
- SHA1
  
  0308b646b70fa915c6fb1bc7df5212940c7a938e
- SHA256
  
  874788b45dfc043289ba05387e83f27b4a046004a88a4c5ee7c073187ff65b9d
- SHA512
  
  6ba31c8a9294f3d6e21639d9c87b2fa45b902367f8760a0be79b3ff8a8cb466470fef5c98b47cea77c7c16463a3b593a8bedaf2492853289fc9efac168f74ff9
- SSDEEP
  
  24576:UDlF7nwnEfxR6faGpt9jE+JgTsjOa5vJI4xFauhIOhGHEuzZgoSjSoosl:UDLXL6CkbE+6ojOaJJlYEor2Sobl
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  99KB
- MD5
  
  98a4efba4e4b566dc3d93d2d9bfcab58
- SHA1
  
  8c54ae9fcec30b2beea8b6af4ead0a76d634a536
- SHA256
  
  e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48
- SHA512
  
  2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0
- SSDEEP
  
  1536:Lyy+HcFWrX52XWcS15c4DBVOw/bEQvWt6uouMw5m0mhdBu4NpBTvO7Fvo6mVS6oN:Oy+8ozImcSNd1YHbMbC
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  0d45588070cf728359055f776af16ec4
- SHA1
  
  c4375ceb2883dee74632e81addbfa4e8b0c6d84a
- SHA256
  
  067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
- SHA512
  
  751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415
- SSDEEP
  
  192:ob8cSzvTyl4tgi8pPjQM0PuAg0YNyhIFtSP:mBSzm+t18pZ0WAg0RhIFg
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  c5b9fe538654a5a259cf64c2455c5426
- SHA1
  
  db45505fa041af025de53a0580758f3694b9444a
- SHA256
  
  7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7
- SHA512
  
  f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa
- SSDEEP
  
  96:xr7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkNL38:xxbGgGPzxeX6D8ZyGgmkN
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsProcess.dll
- Size
  
  4KB
- MD5
  
  f0438a894f3a7e01a4aae8d1b5dd0289
- SHA1
  
  b058e3fcfb7b550041da16bf10d8837024c38bf6
- SHA256
  
  30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
- SHA512
  
  f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
- SSDEEP
  
  48:Sz4joMeH+Iwdf8Rom/L+rOnnk5/OCnXeAdbdOAa4GPI+CJ87eILzlq7gthwIsEQW:64c/eFdfS/SSnkxNa4G+ueqPuCtGsj
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Steam.exe
- Size
  
  3.3MB
- MD5
  
  2aebfdcf91cd440ec7008c5a3a2f00d8
- SHA1
  
  50adf8ce77b0829f0cfffbcead578bf52e4a5baa
- SHA256
  
  fdf63690f3ae49e53fd4a1fd04beda5adb7a61fb3f14970e40bf8ed1e6fdec14
- SHA512
  
  12cf664ee0a1d801db0114137c20c91a733eb1d9d5fdc226ed16ebdb611735296403bb5855b25b0d171e6b35ed00a78abae2110bf650d7be9f93d870e41a1d3a
- SSDEEP
  
  98304:uDWkmQ4iT/0LnZV4i1WedAeg6heJjSCc4gcVB:EWkmQZ0dWed439f
Score

7^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  bin/SteamService.exe
- Size
  
  2.0MB
- MD5
  
  e5e2e9acf1483a87091221e00f0c534f
- SHA1
  
  6756ad5a924359594b68fbf088034fe78d71e6ab
- SHA256
  
  bcfb4738253dec31d7fb7a85f0ad8b0177deaa2a7c6f3fd06a249177e4a65d5c
- SHA512
  
  bb3034f32c43a1997b6231783c942c660f5156d831ec42f25ac83a8cc6c048891e8d41568914f4a120c42c064ac074e5e196d00a9c40a13b2726720ce4334be5
- SSDEEP
  
  49152:U7tGtUNH+FaE0nUpSI46/Bi4g35PuS5Mm9J03L3PU5305F:UxyUl+sXnUpSF6E4g4Tm9e
Score

1^/10
behavioral15 behavioral16
- Target
  
  uninstall.exe
- Size
  
  138KB
- MD5
  
  a81f8eb6954db194e52d6b189684dc19
- SHA1
  
  8fd5619c187ba8eb97aa9c5fa73216cad6fc87e6
- SHA256
  
  4159f6be679f5b9962148ae5c1042985f71c4521e6986400af10575619dc26e2
- SHA512
  
  adbc1d3eccbd660d400a32b52ff59ee43eb759fdcbd55d395587aede9fb466ca18f4b38fd494a31d4e8678fbb3bb88d50fc29ce48a6f649827233c6e1ae82d12
- SSDEEP
  
  3072:UAe+3aJpgWXTBuA/JFONMVtEpqZ8PhXJc:HB+pgUXJFOSVtYh5X+
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral17 behavioral18
- Target
  
  $PLUGINSDIR/LangDLL.dll
- Size
  
  5KB
- MD5
  
  0c44f21d4afc81cc99fac7cc35e4503a
- SHA1
  
  3d0d5c684df99a46510c0e2c0020163a9d11c08d
- SHA256
  
  8dc2be6679497994e3ddc97bc7bc1ce2b3c17ef3528b03ded6696ef198a11d10
- SHA512
  
  4e4bd35d6aa21cecbfe7a93a2ee7db8ee78ca710a4193dfe240d1067afbe10f61db332c1c85f6cc3ba404d895a959742401b615ef8ff5bd9028254c4a43a0923
- SSDEEP
  
  48:S46+/N3TKYKxbWsptIpBtWZ0iV8jAWiAJCvxft2O2B8mCofjLl:zPuPbOBtWZBV8jAWiAJCdv2CmpL
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $PLUGINSDIR/ShellLink.dll
- Size
  
  4KB
- MD5
  
  d62d3e349689811f838dd10fb216eba1
- SHA1
  
  edcafd517860cb6b4bd299e20b17ad74a6fa2a5d
- SHA256
  
  5d103419245e2a5f124a96cace25d6836b2398edc0aa3919829b0fd6ad8b5d6a
- SHA512
  
  fc7d5826cb9f85068ea702f007920bf7ae63758d13c48761e83cc9e8ac06b231f40e17a9f3340d60d874ad2cf6e0991eb98a52cf893ab785489e0cdbbf294f88
- SSDEEP
  
  96:fQW7e3a0JF5jdrORE6C4tb+X+bzYz3Cl6nfkfLGpRO:4687JQCdiaR
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  c5b9fe538654a5a259cf64c2455c5426
- SHA1
  
  db45505fa041af025de53a0580758f3694b9444a
- SHA256
  
  7b51372117960e84d6f5eb3a26810cc044ff02283b3d656a0a456b0ab5cb8ea7
- SHA512
  
  f0f8a5570c01b16e54f47502e867ffbaf162b44a847c0ffc8062d20e9492114229de5d9d2a836da256fd3f9fb493536bdbf148d5308695b16c0e98d20d8926aa
- SSDEEP
  
  96:xr7fhfKaGgchPzxK6bq+pKX6D8ZLidGgmkNL38:xxbGgGPzxeX6D8ZyGgmkN
Score

3^/10

discovery
behavioral23 behavioral24

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Checks installed software on the system

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24