da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

AASDF.txt

windows7-x64

1

AASDF.txt

windows10-2004-x64

8

Sharing

General

Target

AASDF.txt
Size

26B
Sample

241031-1c14wstgmk
MD5

cf0baaedd1597397fdb17ca598cf85d7
SHA1

54227f21f4b5e4a503ee1bafe159237757249160
SHA256

da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2
SHA512

c2da5a954a11ecf579b14a4ca358f2b2e7cfb1deafda021eb9b49976ec6fb30f5da67a869e78dedd94f40eae8be4a9f29f9942a453415af4bb037eb4b866ea89

Score

8^/10

steam defense_evasion discovery persistence phishing pyinstaller

Static task

static1

Behavioral task

behavioral1

Sample

AASDF.txt

Resource

win7-20241010-es

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral2

Sample

AASDF.txt

Resource

win10v2004-20241007-es

steam defense_evasion discovery persistence phishing pyinstaller

windows10-2004-x64

30 signatures

1800 seconds

Malware Config

Targets

- Target
  
  AASDF.txt
- Size
  
  26B
- MD5
  
  cf0baaedd1597397fdb17ca598cf85d7
- SHA1
  
  54227f21f4b5e4a503ee1bafe159237757249160
- SHA256
  
  da3fbccef03a9a280eff85af0482fb33f9a0d6feb22ecee829d02f0cd1e2cea2
- SHA512
  
  c2da5a954a11ecf579b14a4ca358f2b2e7cfb1deafda021eb9b49976ec6fb30f5da67a869e78dedd94f40eae8be4a9f29f9942a453415af4bb037eb4b866ea89
Score

8^/10

steam defense_evasion discovery persistence phishing pyinstaller
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

steamdefense_evasiondiscoverypersistencephishingpyinstaller

© 2018-2024

Terms | Privacy