793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

Koalageddon-2.0.1.msi

windows7-x64

6

Koalageddon-2.0.1.msi

windows10-2004-x64

6

Resubmissions

29-10-2024 07:28

241029-jawmysxfmk 6

29-10-2024 07:21

241029-h6xz8avnek 6

Sharing

General

Target

Koalageddon-2.0.1.msi
Size

46.4MB
Sample

241029-jawmysxfmk
MD5

155295f8dbaae190dd34adadecfb302e
SHA1

c720229eb480dadd40649a2447b3e618a83d568c
SHA256

793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
SHA512

cd6d4405bf387faa538426a2cfefdecd4c7f3a649f4cfce1eab85cea22a345f304525d222a48785528b7e19f83b76a536a1895e3f32ea8153d93ddae29850dd7
SSDEEP

786432:EdQiEpqgLHk81Ywf/9gK7rhd8cHcSQAw8Luh1CKGSsKN4PgGagUiNaLFRB3p/n4U:GXEvE81vCjSE8yhAc1TgUiNaLFRdlx0e

Score

6^/10

steam discovery persistence phishing privilege_escalation

Static task

static1

Behavioral task

behavioral1

Sample

Koalageddon-2.0.1.msi

Resource

win7-20241010-en

steam discovery persistence phishing privilege_escalation

windows7-x64

28 signatures

150 seconds

Behavioral task

behavioral2

Sample

Koalageddon-2.0.1.msi

Resource

win10v2004-20241007-en

discovery persistence privilege_escalation

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Koalageddon-2.0.1.msi
- Size
  
  46.4MB
- MD5
  
  155295f8dbaae190dd34adadecfb302e
- SHA1
  
  c720229eb480dadd40649a2447b3e618a83d568c
- SHA256
  
  793a6b5980872bc0c16c53ee550f860b90e8955fbbf2f0bd15734e05e9b4c3b8
- SHA512
  
  cd6d4405bf387faa538426a2cfefdecd4c7f3a649f4cfce1eab85cea22a345f304525d222a48785528b7e19f83b76a536a1895e3f32ea8153d93ddae29850dd7
- SSDEEP
  
  786432:EdQiEpqgLHk81Ywf/9gK7rhd8cHcSQAw8Luh1CKGSsKN4PgGagUiNaLFRB3p/n4U:GXEvE81vCjSE8yhAc1TgUiNaLFRdlx0e
Score

6^/10

steam discovery persistence phishing privilege_escalation
- Adds Run key to start application
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Installer Packages

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Installer Packages

Defense Evasion

Modify Registry

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

steamdiscoverypersistencephishingprivilege_escalation

behavioral2

discoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy