Overview

overview

6

Static

static

1

SteamSetup (7).exe

windows11-21h2-x64

6

$PLUGINSDI...ls.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

$PLUGINSDI...ss.dll

windows11-21h2-x64

3

Steam.exe

windows11-21h2-x64

4

bin/SteamService.exe

windows11-21h2-x64

1

uninstall.exe

windows11-21h2-x64

4

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...nk.dll

windows11-21h2-x64

3

$PLUGINSDI...ec.dll

windows11-21h2-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SteamSetup (7).exe

  • Size

    2.3MB

  • Sample

    241023-j73sjazcke

  • MD5

    1b54b70beef8eb240db31718e8f7eb5d

  • SHA1

    da5995070737ec655824c92622333c489eb6bce4

  • SHA256

    7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

  • SHA512

    fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

  • SSDEEP

    49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

Score
6/10
defense_evasiondiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

Malware Config

Targets

    • Target

      SteamSetup (7).exe

    • Size

      2.3MB

    • MD5

      1b54b70beef8eb240db31718e8f7eb5d

    • SHA1

      da5995070737ec655824c92622333c489eb6bce4

    • SHA256

      7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb

    • SHA512

      fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb

    • SSDEEP

      49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk

    Score
    6/10
    defense_evasiondiscoveryevasionpersistenceprivilege_escalationspywarestealertrojan

    • Adds Run key to start application

      persistence

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Indicator Removal: Clear Persistence

      remove IFEO.

      defense_evasion

    • Drops file in System32 directory

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation
    behavioral1

    • Target

      $PLUGINSDIR/StdUtils.dll

    • Size

      110KB

    • MD5

      db11ab4828b429a987e7682e495c1810

    • SHA1

      29c2c2069c4975c90789dc6d3677b4b650196561

    • SHA256

      c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376

    • SHA512

      460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88

    • SSDEEP

      1536:cyy+HcFWrX52XWcS15c4DBVOw/bEQvWt6uouMw5m0mhdBu4NpBTvO7Fvo6mVS6oz:fy+8ozImcSNd1YHbMbCk/S

    Score
    3/10
    discovery
    behavioral2

    • Target

      $PLUGINSDIR/System.dll

    • Size

      22KB

    • MD5

      a36fbe922ffac9cd85a845d7a813f391

    • SHA1

      f656a613a723cc1b449034d73551b4fcdf0dcf1a

    • SHA256

      fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0

    • SHA512

      1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b

    • SSDEEP

      384:V8QIl975eXqlWBrz7YLOlE/NyQH38E9VF6IYinAM+oZ5a1TN:VgPgrfYLO+rMEpYinAMxZG

    Score
    3/10
    discovery
    behavioral3

    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      20KB

    • MD5

      4e5bc4458afa770636f2806ee0a1e999

    • SHA1

      76dcc64af867526f776ab9225e7f4fe076487765

    • SHA256

      91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0

    • SHA512

      b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162

    • SSDEEP

      384:ABSzm+t18pZ0WAg0RhIFgnGNyQH38E9VF6IYinAM+oZfNRoZk:NupZ/Ag0/T8MEpYinAMxZ7oW

    Score
    3/10
    discovery
    behavioral4

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      17KB

    • MD5

      2095af18c696968208315d4328a2b7fe

    • SHA1

      b1b0e70c03724b2941e92c5098cc1fc0f2b51568

    • SHA256

      3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

    • SHA512

      60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

    • SSDEEP

      384:PbGgezxEqoyGgmkNFNyQH38E9VF6IYinAM+oZhc3iMy8:T31yGLkbMEpYinAMxZAy8

    Score
    3/10
    discovery
    behavioral5

    • Target

      $PLUGINSDIR/nsProcess.dll

    • Size

      15KB

    • MD5

      08072dc900ca0626e8c079b2c5bcfcf3

    • SHA1

      35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37

    • SHA256

      bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8

    • SHA512

      8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c

    • SSDEEP

      192:WUl64IGsjDNyQDbnPvy2sE9jBF6IYiYF8pA5K+oZ7W76OCwy9GUe:5ZsNyQH38E9VF6IYinAM+oZYsBe

    Score
    3/10
    discovery
    behavioral6

    • Target

      Steam.exe

    • Size

      4.2MB

    • MD5

      33bcb1c8975a4063a134a72803e0ca16

    • SHA1

      ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65

    • SHA256

      12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1

    • SHA512

      13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49

    • SSDEEP

      98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw

    Score
    4/10
    discovery
    behavioral7

    • Target

      bin/SteamService.exe

    • Size

      2.5MB

    • MD5

      ba0ea9249da4ab8f62432617489ae5a6

    • SHA1

      d8873c5dcb6e128c39cf0c423b502821343659a7

    • SHA256

      ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d

    • SHA512

      52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b

    • SSDEEP

      49152:G+v+Y6iR3Gdcw/9I4AEZvvxYtP6iJ6aFmDJRicyM/wHH1sc:G+v+YbGiwV9AEZvW0iJRma

    Score
    1/10
    behavioral8

    • Target

      uninstall.exe

    • Size

      155KB

    • MD5

      32109e2aac377fa07b849f4f4033edc5

    • SHA1

      a7b87a221744fb2e36327be0a34c17b7d734c47f

    • SHA256

      72ffe8859eaa63637f5a62b7c454241db35938f8326f6ccf20352e00f8df2fe5

    • SHA512

      688d9b51060d84c4e2dd0ddbb20d43bbc8bf93a903f26e855f546335bd7a5c9ef5c6f888dff35d379cbb1d782c5e231b33831b7272cde2b40c2d7fc2b85ffc0d

    • SSDEEP

      3072:iIAe+3aJpgWXTBuq/JFONM2cZ6iKowuq12ApG3s/6:izB+pgURJFOS21iQ5i+6

    Score
    4/10
    discovery
    behavioral9

    • Target

      $PLUGINSDIR/LangDLL.dll

    • Size

      16KB

    • MD5

      46ba3881f8b27f54a8d92d600e61ee7b

    • SHA1

      15933b6ece85a6d45fd78ae499b445a3bc6d2d05

    • SHA256

      4fca692a36f0c99e26b5bc7ef9db5269d2c1e21288184953898130fea9b1c4fc

    • SHA512

      6f64d3cb4634ed51710f578667b92a429aa871a0a141092df3cf7e0134a0b145f802f91126f1ce43ddb4b9d6cc6fb875c9acec22eab0cec86a72dd916e1f9eb3

    • SSDEEP

      384:kTrZBV86AQINyQH38E9VF6IYinAM+oZtfpMVK:kXZL86A1MEpYinAMxZ5aK

    Score
    3/10
    discovery
    behavioral10

    • Target

      $PLUGINSDIR/ShellLink.dll

    • Size

      15KB

    • MD5

      130e29fa7dc68393d3ef12fa5fe876b9

    • SHA1

      54d3b821df8f42e26698f0cf99bca5d2e6aa080e

    • SHA256

      eae7829a3df5d8d63e16787f7c3d5ae4b82b3b79c2cd7aad9c2532374b6ea522

    • SHA512

      56dbae0e1918ed50c99a863304544d5d31925c62d4ebfd7244d67f909c353ee4160b081b43832cf33f1048f998431ba14270600de512dc6c853a17dd524df317

    • SSDEEP

      384:Ld7JQGYNyQH38E9VF6IYinAM+oZiDzQ06:LgVMEpYinAMxZqzB6

    Score
    3/10
    discovery
    behavioral11

    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      17KB

    • MD5

      2095af18c696968208315d4328a2b7fe

    • SHA1

      b1b0e70c03724b2941e92c5098cc1fc0f2b51568

    • SHA256

      3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226

    • SHA512

      60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5

    • SSDEEP

      384:PbGgezxEqoyGgmkNFNyQH38E9VF6IYinAM+oZhc3iMy8:T31yGLkbMEpYinAMxZAy8

    Score
    3/10
    discovery
    behavioral12

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Active Setup

1
T1547.014

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Active Setup

1
T1547.014

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Component Object Model Hijacking

1
T1546.015

Image File Execution Options Injection

1
T1546.012

Defense Evasion

Indicator Removal

1
T1070

Clear Persistence

1
T1070.009

Modify Registry

4
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

2
T1120

Query Registry

6
T1012

System Information Discovery

6
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks