b986a3fdb6f50f277c2a75a39f63cb48cd2ebcc68b21c9e84f91d32327073f3d

Sharing

Copy URL

Twitter E-mail

General

Target

1337 SteamACC Stealer Private.rar
Size

3.9MB
Sample

241120-saq7xayfpn
MD5

97f0f25c9cd1414f86f9d607a988cc0c
SHA1

cdcf02793f50c1a2e5d3e19445338944d249a613
SHA256

b986a3fdb6f50f277c2a75a39f63cb48cd2ebcc68b21c9e84f91d32327073f3d
SHA512

72d6b145e0ea7d15a33f1ac578d5a81bded1fd445d9dee5b12f33d7211df9b544cac98b02da745dda3a65ba29576302e0c4c3fb954fd97af3300d063828a484e
SSDEEP

98304:QS2KNq4q2iLrgyD1f64kYN2AU7DdjcEDgYO9DN:QHXksl2hJckO9DN

Score

8^/10

Malware Config

Targets

- Target
  
  1337 SteamACC Stealer Private/1337 SteamACC Stealer Private.exe
- Size
  
  193KB
- MD5
  
  d3b6a612e1627ac55ed1036d37c078d2
- SHA1
  
  86971ed075e24fbcb5590a42432c0610f77a009d
- SHA256
  
  a5cd5d4e6cebf88a8237da82cd4472ff39270f06ad5759eb0e2ea10e04a4a8b5
- SHA512
  
  728cf4d1a2e29341aa381673302faf199abb4ee24937eee65e888a7a2adb83ae64626dfecf09b857d0b129b9d2955de86a4c3082422d89830b852f143afb2b75
- SSDEEP
  
  1536:x4lOeP6M2v9YZQfx+kPmJBtxPeZ3YtlylA9+9POMjHi:x4lOA8hfx+xJBeZ3sylA9+9GWi
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2
- Target
  
  1337 SteamACC Stealer Private/Xceed.Wpf.Toolkit.dll
- Size
  
  1.1MB
- MD5
  
  c3d181ab31e5bec15d266f50c8bfa4d8
- SHA1
  
  e46b04fe9e1620945881404fcdc73588e84f2dd9
- SHA256
  
  d78d3c61c4665c703976f5f697187669a5ef888ab1c00ebaabc0bcf409e833ae
- SHA512
  
  11b0dd0ba7292b5aceceb8f55a388571663f2820c55582e39f7e2727ff4e7ea0e3b51e24ae37c858326f3d1b3ce2ff272703c904dafc11b766ecfbdaaca59572
- SSDEEP
  
  24576:8N2IhPdiQMKl4fz6eY3vsKQbBlvplvraO3ySG8XxDaZVEbbG6C4:SPdiQMKl4fz6d3vsKIlvplvBfLNaZVEL
Score

1^/10
behavioral3 behavioral4
- Target
  
  1337 SteamACC Stealer Private/data/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral5 behavioral6
- Target
  
  1337 SteamACC Stealer Private/data/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral7 behavioral8
- Target
  
  1337 SteamACC Stealer Private/data/Xceed.Wpf.Toolkit.dll
- Size
  
  1.1MB
- MD5
  
  c3d181ab31e5bec15d266f50c8bfa4d8
- SHA1
  
  e46b04fe9e1620945881404fcdc73588e84f2dd9
- SHA256
  
  d78d3c61c4665c703976f5f697187669a5ef888ab1c00ebaabc0bcf409e833ae
- SHA512
  
  11b0dd0ba7292b5aceceb8f55a388571663f2820c55582e39f7e2727ff4e7ea0e3b51e24ae37c858326f3d1b3ce2ff272703c904dafc11b766ecfbdaaca59572
- SSDEEP
  
  24576:8N2IhPdiQMKl4fz6eY3vsKQbBlvplvraO3ySG8XxDaZVEbbG6C4:SPdiQMKl4fz6d3vsKIlvplvBfLNaZVEL
Score

1^/10
behavioral10 behavioral9
- Target
  
  1337 SteamACC Stealer Private/data/bin.exe
- Size
  
  2.6MB
- MD5
  
  e0a4b559ece736a296ac46f718d4f3a2
- SHA1
  
  b6c3995713b0447d5da26e8fe0be34bac1385a6c
- SHA256
  
  86d570622651ce8ad89cb880760772ec0da59552042d13e2f78711107d9f0ac2
- SHA512
  
  5e14b3f43ff4279c1f2f1d36828e997db8b2e9f000662d089d03869771b47fbb91d1fd5628dd513ca2c3f89a21820f29dbf39071f152e8e9683c7b3bc2cea165
- SSDEEP
  
  49152:P25W4DTnrJlEHeviIi0JO40H5oahF2hqDt2+4qhLvucrBTfRxvHWNVN:e5W4n9lEHQX5HwdhIhqt2+vhLGABDO
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  1337 SteamACC Stealer Private/data/secproc.dll
- Size
  
  338KB
- MD5
  
  c72b72a6f2eb72bc6dd0a2a2164e02e3
- SHA1
  
  18825cc35e84e960c3c26e23f99fdc80bf346632
- SHA256
  
  b008544fc732a9c05a1479a2631dbe005e24b69c4abc2922ec7bd87337b76644
- SHA512
  
  0b73040f80a477b307efa6ca2baa2d8bac7e203b8a23d7e3e5b7daaedc1940778b805e3fbed5c12cf6516f09e243f77a55c404bf2c12b6ee6288f7b2a80f5f98
- SSDEEP
  
  6144:BPefh6YmnoVPDVYITi3KxtLtOLbWUOGR3JZaYE8z0U3twy/8J:BPefhX1VYITi3KxtQeZGR3dCU3twyk
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  1337 SteamACC Stealer Private/secproc.dll
- Size
  
  338KB
- MD5
  
  c72b72a6f2eb72bc6dd0a2a2164e02e3
- SHA1
  
  18825cc35e84e960c3c26e23f99fdc80bf346632
- SHA256
  
  b008544fc732a9c05a1479a2631dbe005e24b69c4abc2922ec7bd87337b76644
- SHA512
  
  0b73040f80a477b307efa6ca2baa2d8bac7e203b8a23d7e3e5b7daaedc1940778b805e3fbed5c12cf6516f09e243f77a55c404bf2c12b6ee6288f7b2a80f5f98
- SSDEEP
  
  6144:BPefh6YmnoVPDVYITi3KxtLtOLbWUOGR3JZaYE8z0U3twy/8J:BPefhX1VYITi3KxtQeZGR3dCU3twyk
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16