Overview
overview
6Static
static
3awd.rar
windows11-21h2-x64
1awd/SteamS...1).exe
windows11-21h2-x64
6$PLUGINSDI...ls.dll
windows11-21h2-x64
3$PLUGINSDI...em.dll
windows11-21h2-x64
3$PLUGINSDI...gs.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3$PLUGINSDI...ss.dll
windows11-21h2-x64
3Steam.exe
windows11-21h2-x64
4bin/SteamService.exe
windows11-21h2-x64
1uninstall.exe
windows11-21h2-x64
4$PLUGINSDI...LL.dll
windows11-21h2-x64
3$PLUGINSDI...nk.dll
windows11-21h2-x64
3$PLUGINSDI...ec.dll
windows11-21h2-x64
3awd/Steamt...1).exe
windows11-21h2-x64
1General
-
Target
awd.rar
-
Size
2.6MB
-
Sample
241119-y9qy3s1rax
-
MD5
13fbac14ae846a84411f39ca29e085a5
-
SHA1
7b18da535912b56e0f8546f0ac63c74da9efff54
-
SHA256
3f2e89b07e7730999d80b41a44dc29f53aaba7875da5734b8158bfa74f645f3f
-
SHA512
9391f9abe6cb69e6cf54973e359d0b1c90af1f4c896cbc88339c624500dfce37b8522c8f2cb3a76ddccae4463c5dc14e1c80fdfca47b094b984dd01b78d83e6e
-
SSDEEP
49152:+ZfyI6jfYdZFSzqDm5qDYho6QADT5zFl5uy55Sl/HgIc9Cg03TGjytsU3YxGWbZO:+Zfe+bSaCqkR5uy7qHgh1eTGgHl
Static task
static1
Behavioral task
behavioral1
Sample
awd.rar
Resource
win11-20241007-en
Behavioral task
behavioral2
Sample
awd/SteamSetup (1).exe
Resource
win11-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win11-20241007-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win11-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win11-20241007-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win11-20241007-en
Behavioral task
behavioral8
Sample
Steam.exe
Resource
win11-20241007-en
Behavioral task
behavioral9
Sample
bin/SteamService.exe
Resource
win11-20241007-en
Behavioral task
behavioral10
Sample
uninstall.exe
Resource
win11-20241023-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win11-20241007-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/ShellLink.dll
Resource
win11-20241007-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsExec.dll
Resource
win11-20241007-en
Behavioral task
behavioral14
Sample
awd/SteamtoolsSetup (1) (1).exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
awd.rar
-
Size
2.6MB
-
MD5
13fbac14ae846a84411f39ca29e085a5
-
SHA1
7b18da535912b56e0f8546f0ac63c74da9efff54
-
SHA256
3f2e89b07e7730999d80b41a44dc29f53aaba7875da5734b8158bfa74f645f3f
-
SHA512
9391f9abe6cb69e6cf54973e359d0b1c90af1f4c896cbc88339c624500dfce37b8522c8f2cb3a76ddccae4463c5dc14e1c80fdfca47b094b984dd01b78d83e6e
-
SSDEEP
49152:+ZfyI6jfYdZFSzqDm5qDYho6QADT5zFl5uy55Sl/HgIc9Cg03TGjytsU3YxGWbZO:+Zfe+bSaCqkR5uy7qHgh1eTGgHl
Score1/10 -
-
-
Target
awd/SteamSetup (1).exe
-
Size
2.3MB
-
MD5
1b54b70beef8eb240db31718e8f7eb5d
-
SHA1
da5995070737ec655824c92622333c489eb6bce4
-
SHA256
7d3654531c32d941b8cae81c4137fc542172bfa9635f169cb392f245a0a12bcb
-
SHA512
fda935694d0652dab3f1017faaf95781a300b420739e0f9d46b53ce07d592a4cfa536524989e2fc9f83602d315259817638a89c4e27da709aada5d1360b717eb
-
SSDEEP
49152:UDP/q9MIX/crfcNVBaXp1m0zyVCMwBHgFzoZhRP8:kC9MI8Hm0GCjgFc3Rk
Score6/10-
Adds Run key to start application
-
-
-
Target
$PLUGINSDIR/StdUtils.dll
-
Size
110KB
-
MD5
db11ab4828b429a987e7682e495c1810
-
SHA1
29c2c2069c4975c90789dc6d3677b4b650196561
-
SHA256
c602c44a4d4088dbf5a659f36ba1c3a9d81f8367577de0cb940c0b8afee5c376
-
SHA512
460d1ccfc0d7180eae4e6f1a326d175fec78a7d6014447a9a79b6df501fa05cd4bd90f8f7a85b7b6a4610e2fa7059e30ae6e17bc828d370e5750de9b40b9ae88
-
SSDEEP
1536:cyy+HcFWrX52XWcS15c4DBVOw/bEQvWt6uouMw5m0mhdBu4NpBTvO7Fvo6mVS6oz:fy+8ozImcSNd1YHbMbCk/S
Score3/10 -
-
-
Target
$PLUGINSDIR/System.dll
-
Size
22KB
-
MD5
a36fbe922ffac9cd85a845d7a813f391
-
SHA1
f656a613a723cc1b449034d73551b4fcdf0dcf1a
-
SHA256
fa367ae36bfbe7c989c24c7abbb13482fc20bc35e7812dc377aa1c281ee14cc0
-
SHA512
1d1b95a285536ddc2a89a9b3be4bb5151b1d4c018ea8e521de838498f62e8f29bb7b3b0250df73e327e8e65e2c80b4a2d9a781276bf2a51d10e7099bacb2e50b
-
SSDEEP
384:V8QIl975eXqlWBrz7YLOlE/NyQH38E9VF6IYinAM+oZ5a1TN:VgPgrfYLO+rMEpYinAMxZG
Score3/10 -
-
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
20KB
-
MD5
4e5bc4458afa770636f2806ee0a1e999
-
SHA1
76dcc64af867526f776ab9225e7f4fe076487765
-
SHA256
91a484dc79be64dd11bf5acb62c893e57505fcd8809483aa92b04f10d81f9de0
-
SHA512
b6f529073a943bddbcb30a57d62216c78fcc9a09424b51ac0824ebfb9cac6cae4211bda26522d6923bd228f244ed8c41656c38284c71867f65d425727dd70162
-
SSDEEP
384:ABSzm+t18pZ0WAg0RhIFgnGNyQH38E9VF6IYinAM+oZfNRoZk:NupZ/Ag0/T8MEpYinAMxZ7oW
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
17KB
-
MD5
2095af18c696968208315d4328a2b7fe
-
SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568
-
SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
-
SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5
-
SSDEEP
384:PbGgezxEqoyGgmkNFNyQH38E9VF6IYinAM+oZhc3iMy8:T31yGLkbMEpYinAMxZAy8
Score3/10 -
-
-
Target
$PLUGINSDIR/nsProcess.dll
-
Size
15KB
-
MD5
08072dc900ca0626e8c079b2c5bcfcf3
-
SHA1
35f2bfa0b1b2a65b9475fb91af31f7b02aee4e37
-
SHA256
bb6ce83ddaad4f530a66a1048fac868dfc3b86f5e7b8e240d84d1633e385aee8
-
SHA512
8981da7f225eb78c414e9fb3c63af0c4daae4a78b4f3033df11cce43c3a22fdbf3853425fe3024f68c73d57ffb128cba4d0db63eda1402212d1c7e0ac022353c
-
SSDEEP
192:WUl64IGsjDNyQDbnPvy2sE9jBF6IYiYF8pA5K+oZ7W76OCwy9GUe:5ZsNyQH38E9VF6IYinAM+oZYsBe
Score3/10 -
-
-
Target
Steam.exe
-
Size
4.2MB
-
MD5
33bcb1c8975a4063a134a72803e0ca16
-
SHA1
ed7a4e6e66511bb8b3e32cbfb5557ebcb4082b65
-
SHA256
12222b0908eb69581985f7e04aa6240e928fb08aa5a3ec36acae3440633c9eb1
-
SHA512
13f3a7d6215bb4837ea0a1a9c5ba06a985e0c80979c25cfb526a390d71a15d1737c0290a899f4705c2749982c9f6c9007c1751fef1a97b12db529b2f33c97b49
-
SSDEEP
98304:7JeV/ztZBe91oiImuUiK9N9EGQKF9lSHbr7aw:1S/hwkmg4EpbrOw
Score4/10 -
-
-
Target
bin/SteamService.exe
-
Size
2.5MB
-
MD5
ba0ea9249da4ab8f62432617489ae5a6
-
SHA1
d8873c5dcb6e128c39cf0c423b502821343659a7
-
SHA256
ce177dc8cf42513ff819c7b8597c7be290f9e98632a34ecd868dc76003421f0d
-
SHA512
52958d55b03e1ddc69afc2f1a02f7813199e4b3bf114514c438ab4d10d5ca83b865ba6090550951c0a43b666c6728304009572212444a27a3f5184663f4b0b8b
-
SSDEEP
49152:G+v+Y6iR3Gdcw/9I4AEZvvxYtP6iJ6aFmDJRicyM/wHH1sc:G+v+YbGiwV9AEZvW0iJRma
Score1/10 -
-
-
Target
uninstall.exe
-
Size
155KB
-
MD5
32109e2aac377fa07b849f4f4033edc5
-
SHA1
a7b87a221744fb2e36327be0a34c17b7d734c47f
-
SHA256
72ffe8859eaa63637f5a62b7c454241db35938f8326f6ccf20352e00f8df2fe5
-
SHA512
688d9b51060d84c4e2dd0ddbb20d43bbc8bf93a903f26e855f546335bd7a5c9ef5c6f888dff35d379cbb1d782c5e231b33831b7272cde2b40c2d7fc2b85ffc0d
-
SSDEEP
3072:iIAe+3aJpgWXTBuq/JFONM2cZ6iKowuq12ApG3s/6:izB+pgURJFOS21iQ5i+6
Score4/10 -
-
-
Target
$PLUGINSDIR/LangDLL.dll
-
Size
16KB
-
MD5
46ba3881f8b27f54a8d92d600e61ee7b
-
SHA1
15933b6ece85a6d45fd78ae499b445a3bc6d2d05
-
SHA256
4fca692a36f0c99e26b5bc7ef9db5269d2c1e21288184953898130fea9b1c4fc
-
SHA512
6f64d3cb4634ed51710f578667b92a429aa871a0a141092df3cf7e0134a0b145f802f91126f1ce43ddb4b9d6cc6fb875c9acec22eab0cec86a72dd916e1f9eb3
-
SSDEEP
384:kTrZBV86AQINyQH38E9VF6IYinAM+oZtfpMVK:kXZL86A1MEpYinAMxZ5aK
Score3/10 -
-
-
Target
$PLUGINSDIR/ShellLink.dll
-
Size
15KB
-
MD5
130e29fa7dc68393d3ef12fa5fe876b9
-
SHA1
54d3b821df8f42e26698f0cf99bca5d2e6aa080e
-
SHA256
eae7829a3df5d8d63e16787f7c3d5ae4b82b3b79c2cd7aad9c2532374b6ea522
-
SHA512
56dbae0e1918ed50c99a863304544d5d31925c62d4ebfd7244d67f909c353ee4160b081b43832cf33f1048f998431ba14270600de512dc6c853a17dd524df317
-
SSDEEP
384:Ld7JQGYNyQH38E9VF6IYinAM+oZiDzQ06:LgVMEpYinAMxZqzB6
Score3/10 -
-
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
17KB
-
MD5
2095af18c696968208315d4328a2b7fe
-
SHA1
b1b0e70c03724b2941e92c5098cc1fc0f2b51568
-
SHA256
3e2399ae5ce16dd69f7e2c71d928cf54a1024afced8155f1fd663a3e123d9226
-
SHA512
60105dfb1cd60b4048bd7b367969f36ed6bd29f92488ba8cfa862e31942fd529cbc58e8b0c738d91d8bef07c5902ce334e36c66eae1bfe104b44a159b5615ae5
-
SSDEEP
384:PbGgezxEqoyGgmkNFNyQH38E9VF6IYinAM+oZhc3iMy8:T31yGLkbMEpYinAMxZAy8
Score3/10 -
-
-
Target
awd/SteamtoolsSetup (1) (1).exe
-
Size
978KB
-
MD5
bbf15e65d4e3c3580fc54adf1be95201
-
SHA1
79091be8f7f7a6e66669b6a38e494cf7a62b5117
-
SHA256
c9f2e2abb046ff2535537182edf9a9b748aa10a22e98a1d8c948d874f4ffb304
-
SHA512
9bb261b4ed84af846e07ffb6352960687e59428fd497faa0a37d70b57a1a7430d48ac350fbb0c3f0f11e4231a98ebca4d6923deba0949fdd7a247a3c02737355
-
SSDEEP
24576:4Fa9OUi2VoN2gZ1M8UQag3BXrYZt+GgGTfG74T+TRcL:Z9OUiTN2gZ1MExEZkkf+4TARg
Score1/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1