f56ec04d8fa2968c7afe11afdea1ceda1f300409a875c939308ccae7799aa75b | Triage

Resubmissions

28/09/2024, 22:17

240928-17j4vs1fpg 8

28/09/2024, 22:07

240928-115f8a1dpg 8

Sharing

Copy URL Twitter E-mail

General

Target

TLD_Fix_Repair_Steam_V3_Generic.rar
Size

9.3MB
Sample

240928-17j4vs1fpg
MD5

1970d73dfe67fb7feacf815952a35c17
SHA1

61fc0b904a1bd7de4d4a1320f8203e041a00cb0b
SHA256

f56ec04d8fa2968c7afe11afdea1ceda1f300409a875c939308ccae7799aa75b
SHA512

eebacfdc5d81b16996dd2f271b5171f615809489ae566e53ae7778c1a288925e0df84b49f8d382faa46b6cbba7104ec30c05d0164f42907fc442f7f755636152
SSDEEP

196608:m8AYPsO1s/A7kJIIY/VQpb4Fke4/F+VbVo1BUmoU/IHDY2C34g5z:mqK/A4K/Vcb4e7CbOTGDYR342z

Score

8^/10

discovery evasion trojan

Malware Config

Targets

- Target
  
  TLD_Fix_Repair_Steam_V3_Generic.rar
- Size
  
  9.3MB
- MD5
  
  1970d73dfe67fb7feacf815952a35c17
- SHA1
  
  61fc0b904a1bd7de4d4a1320f8203e041a00cb0b
- SHA256
  
  f56ec04d8fa2968c7afe11afdea1ceda1f300409a875c939308ccae7799aa75b
- SHA512
  
  eebacfdc5d81b16996dd2f271b5171f615809489ae566e53ae7778c1a288925e0df84b49f8d382faa46b6cbba7104ec30c05d0164f42907fc442f7f755636152
- SSDEEP
  
  196608:m8AYPsO1s/A7kJIIY/VQpb4Fke4/F+VbVo1BUmoU/IHDY2C34g5z:mqK/A4K/Vcb4e7CbOTGDYR342z
Score

8^/10

discovery
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  OnlineFix.ini
- Size
  
  542B
- MD5
  
  06d89805a21b85f10e6570ec88948c4a
- SHA1
  
  d9605a27c02845ad312dabb8cefec1085d34591e
- SHA256
  
  b89b7237ae9c2e376b630721dc0a1bc21f86192b78b637c681c80fd0800a9a22
- SHA512
  
  a12344db849a6531f48388c3a9f77d18af22ac84b110adcbc1ce8192081323fa389ac6c8b05aa8e7c358fc64091ee26cc20b06995613f4894ba2f9239e5bde19
Score

1^/10
behavioral3 behavioral4
- Target
  
  OnlineFix.url
- Size
  
  46B
- MD5
  
  59bf167dc52a52f6e45f418f8c73ffa1
- SHA1
  
  fa006950a6a971e89d4a1c23070d458a30463999
- SHA256
  
  3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
- SHA512
  
  00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  OnlineFix64.dll
- Size
  
  10.5MB
- MD5
  
  539956c25297134e28e82ef79dd06f5d
- SHA1
  
  d0c6833ab7a832cbf7582d2e80f654cc746d995b
- SHA256
  
  0faf4a397cbc7828a29313447684d2300794d48bdb9b21cf539e5f1320f43436
- SHA512
  
  fe4aa756abce70166fc53518da319eff8041271c3798b3acfed38aceb65c49900ec83f81e696ade10b5a18d62bb0413a9796c511039a1f01e061565bd33342a6
- SSDEEP
  
  196608:5QViBePwq4HldJYE9Acp9lhgUwYlBUWnHOBfMnvsQQFXvYrDAeNrRoJi6:5QoLb9BHhgVYFnQfMvgYPAexu9
Score

1^/10
behavioral7 behavioral8
- Target
  
  SteamOverlay64.dll
- Size
  
  96KB
- MD5
  
  549eb651023fa847d2212bebe29c6f9e
- SHA1
  
  f70fbe8f46cbd90c185eac2a2df843e2c3405a8f
- SHA256
  
  9edeba9df599d65fb378d4bcbe16e9ac2ea3b7850491e662e8ddaf6f1d74849e
- SHA512
  
  9e249b8d589c52857362b0611c265c21d1f715749e6b7a75e112d28aec89975655a8ef62ad1de812fadd39a48f0e01cc8eef9e33bbb5e30da827020c77247c68
- SSDEEP
  
  3072:YV/XjVTzI4OC9cFnlHB6innA2ezcqSn4ueM+GLSD:iTi4OUc7Kt
Score

1^/10
behavioral10 behavioral9
- Target
  
  TheLongDrive_Data/Plugins/x86_64/steam_api64.dll
- Size
  
  256KB
- MD5
  
  8afde2d19c89d0bf1a9f6ec475aa0ebb
- SHA1
  
  7d1453b841dfb1101ab45f63d3b4294b6c5d0cb6
- SHA256
  
  473f5a312b56519f347741b63f3dea590946b96ea40ef3803d5f452c39af2f1e
- SHA512
  
  4166361eead938b1a01f110ae3acd3660f5123ccf97b4504ed0577b3eedbe57cee5222aef037524de6051a6727c88161a4aa250b4ae60fd84ccfb2591d1b2090
- SSDEEP
  
  3072:NfpmprkbwQzAVsCeOTdmTxMezfOLgSbew/N65lhTbC66rpFvwLdyN+Qe2UvMxCbh:mprksQUVsCeOTdmTxDSLGnpynxCbmyx
Score

1^/10
behavioral11 behavioral12
- Target
  
  dlllist.txt
- Size
  
  35B
- MD5
  
  ff98c62757cb7c9f5dbedcd67d3781f6
- SHA1
  
  82076991ee9a824bcf9969b416fcc163d02a6160
- SHA256
  
  662dd415e2796635702c49586fb99ae62a3c6f595976d6923ec8a4e7c23fa8fe
- SHA512
  
  42973bbb4feb375354684c0356c45bfa7f0bf63056906244c2c0ac89720326cfa41c9aa51e2522d1d9da66c019ccf3dba570a732007e8b3306e66920faaae791
Score

1^/10
behavioral13 behavioral14
- Target
  
  winmm.dll
- Size
  
  512KB
- MD5
  
  e59aac558d9f9c5d1312ac24d09c51d5
- SHA1
  
  2f11c4b00f5f92d4466348f9501aa657c9bf6fa7
- SHA256
  
  ba37009eef6c041bc6d0a271c13679fb9e14a005bd7e038cee596cd4064cf8b3
- SHA512
  
  1c3b357074d62d5ca11c92d71ffdacb4a7e3d6fb17cbd4b489e5bea0032cea43650a6809388e98e4b98256b477c6b5dbd8fd2c7f4e3e08af00ef68e0ed4406d0
- SSDEEP
  
  12288:XQxOD9ZC0WKOy8zMtJKpBmpMgBNwQuQmMzWq0hNwnoAZwl:XQxOD9ZFKpB+N7JmMzWq0hNwnBZ
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

discoveryevasiontrojan

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16