General
Target: SteamSetup.exe
Size: 2.3MB
Sample: 241023-vxkdzs1gnd
MD5: 1b54b70beef8eb240db31718e8f7eb5d
SHA1: da5995070737ec655824c92622333c489eb6bce4
SHA256: 7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
SHA512: fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
SSDEEP: 49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk
Static task: static1
Behavioral task: behavioral1
Sample: SteamSetup.exe
Resource: win10ltsc2021-20241023-en
Malware Config
Targets
Target
SteamSetup.exe
-
Possible privilege escalation attempt
-
Modifies file permissions
-
Adds Run key to start application
-
Downloads MZ/PE file
-
Legitimate hosting services abused for malware hosting/C2
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Pre-OS Boot: 1
Bootkit: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Defense Evasion
File and Directory Permissions Modification: 1
Modify Registry: 3
Pre-OS Boot: 1
Bootkit: 1
Subvert Trust Controls: 2
Install Root Certificate: 1
SIP and Trust Provider Hijacking: 1