f308a5904f559d68c93965a80d52ce1b54b19476c5ea0214b855a4df6a9562cd | Triage

Submit
Reports

Overview

overview

6

Static

static

3

CrosshairX...rX.exe

windows11-21h2-x64

6

Resubmissions

21/09/2024, 15:09

240921-sjqyhaydkb 3

21/09/2024, 15:06

240921-sg6k6syclc 3

21/09/2024, 14:51

240921-r8kbksyblr 6

Sharing

Copy URL Twitter E-mail

General

Target

CrosshairX.zip
Size

184.3MB
Sample

240921-r8kbksyblr
MD5

e2500ca07587395a85b916baa0e097f1
SHA1

e630bb8c9ea557f26064433f292f4ed06213d1bd
SHA256

f308a5904f559d68c93965a80d52ce1b54b19476c5ea0214b855a4df6a9562cd
SHA512

9bee88a93d5039d4900c69bb8a38d810bfc97bc5df7e28449b62075c758bc118522e04624d3406664c96f4a476de9b823c8267af36e76cb2bf30b1dda514ccd1
SSDEEP

3145728:VXWM+WdM+QHFdecC4dm1l6+cP32WNfMjiBQ7282rlQ2h4isA51Qs0vV5x1wIiOyN:d+WrYdeR4dWk2D0V82rai/Q9npI

Score

6^/10

steam defense_evasion discovery persistence phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CrosshairX/CrosshairX.exe

Resource

win11-20240802-en

steam defense_evasion discovery persistence phishing

windows11-21h2-x64

23 signatures

1200 seconds

Malware Config

Targets

- Target
  
  CrosshairX/CrosshairX.exe
- Size
  
  172.6MB
- MD5
  
  28411cd92a06b2d5ec5cd35a80259103
- SHA1
  
  dc0a2ede25384b872d69d52c1803189ed51b1c8f
- SHA256
  
  4104bf35002f78a8b8f6491aa54d189279f9309b51b754710cce2ea021dea833
- SHA512
  
  825c7c16034b1a9193bf8a967695709caf143280af351ec4975d75db75aa993e70fe4cd9c656f0424cda98a3478a2bf0b9b322c2eef4a8dcc0ad0f09d8a731bb
- SSDEEP
  
  1572864:SvDiRV7iEqRRhCLvfL4j85pyO4C/HTsA5u8/qUw3g4JEZEKLhMPMdQj58mfQ:aDEflMPMdQt8X
Score

6^/10

steam defense_evasion discovery persistence phishing
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Detected potential entity reuse from brand steam.
  phishing steam
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

steamdefense_evasiondiscoverypersistencephishing

© 2018-2025

Terms | Privacy