f1b27ee139e88001e5932fda0abf9f305b780da2c8b22536efc107dbfb17e523 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

astra - 1.0.1.exe

windows10-2004-x64

9

Sharing

General

Target

astra - 1.0.1.exe
Size

1.8MB
Sample

241027-ynfafsypfr
MD5

a2541b3b3964846cc10d5e6d6b47596d
SHA1

db5307fb900cdcaaf61dda25171a635c4c17822b
SHA256

f1b27ee139e88001e5932fda0abf9f305b780da2c8b22536efc107dbfb17e523
SHA512

e305f78cc6f25c60f18f0fd84336d247ea329e01d8288ba791d74adb375291614e2f8db9e3e74363a419e06f2ebbf1e209d61329a4c1df69afea0bb79a036378
SSDEEP

49152:mciCu12nlG36D4HHQ2VMeEHBefw9feg8:s93CAQq4UYs

Score

9^/10

steam discovery evasion persistence phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

astra - 1.0.1.exe

Resource

win10v2004-20241007-en

steam discovery evasion persistence phishing

windows10-2004-x64

31 signatures

600 seconds

Malware Config

Targets

- Target
  
  astra - 1.0.1.exe
- Size
  
  1.8MB
- MD5
  
  a2541b3b3964846cc10d5e6d6b47596d
- SHA1
  
  db5307fb900cdcaaf61dda25171a635c4c17822b
- SHA256
  
  f1b27ee139e88001e5932fda0abf9f305b780da2c8b22536efc107dbfb17e523
- SHA512
  
  e305f78cc6f25c60f18f0fd84336d247ea329e01d8288ba791d74adb375291614e2f8db9e3e74363a419e06f2ebbf1e209d61329a4c1df69afea0bb79a036378
- SSDEEP
  
  49152:mciCu12nlG36D4HHQ2VMeEHBefw9feg8:s93CAQq4UYs
Score

9^/10

steam discovery evasion persistence phishing
- Looks for VirtualBox Guest Additions in registry
  evasion
- Downloads MZ/PE file
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Virtualization/Sandbox Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

steamdiscoveryevasionpersistencephishing

© 2018-2024

Terms | Privacy