fa10e4efecf3aeb583e2edf1e48e1fd92543fd86b7f0d07f7aaf46927e4da214 | Triage

Submit
Reports

Overview

overview

Static

static

1

TLauncher-....8.exe

windows10-2004-x64

TLauncher-....8.exe

windows10-ltsc 2021-x64

7

Sharing

General

Target

TLauncher-Installer-1.5.8.exe
Size

24.2MB
Sample

250104-rrj99atjcx
MD5

685de3af992c9d24a32af13119fec8e1
SHA1

d00eb98453b6b4206cdc0d72e452fde15d639517
SHA256

fa10e4efecf3aeb583e2edf1e48e1fd92543fd86b7f0d07f7aaf46927e4da214
SHA512

b40831a22b32abf2fa5508e888c3c8aa830801f83af04c4db3438c6f7c843ce7f21c876b9054b9c9586ce96d2fb4d627ac97fc3cb1310f93643dd5c0314f899f
SSDEEP

393216:0hJ7SFBjbX5IwhgCyCArr6of5MJ7ZWqxPAIgtMIMlFRq1k4ZFx3ylu2GXJIcw:0h8FBjbJjhQHrrKJBH5lFRqO4x392cw

Score

10^/10

steam discovery evasion persistence phishing ransomware trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

TLauncher-Installer-1.5.8.exe

Resource

win10v2004-20241007-en

steam discovery evasion persistence phishing ransomware trojan upx

windows10-2004-x64

34 signatures

600 seconds

Behavioral task

behavioral2

Sample

TLauncher-Installer-1.5.8.exe

Resource

win10ltsc2021-20241211-en

windows10-ltsc 2021-x64

9 signatures

600 seconds

Malware Config

Targets

- Target
  
  TLauncher-Installer-1.5.8.exe
- Size
  
  24.2MB
- MD5
  
  685de3af992c9d24a32af13119fec8e1
- SHA1
  
  d00eb98453b6b4206cdc0d72e452fde15d639517
- SHA256
  
  fa10e4efecf3aeb583e2edf1e48e1fd92543fd86b7f0d07f7aaf46927e4da214
- SHA512
  
  b40831a22b32abf2fa5508e888c3c8aa830801f83af04c4db3438c6f7c843ce7f21c876b9054b9c9586ce96d2fb4d627ac97fc3cb1310f93643dd5c0314f899f
- SSDEEP
  
  393216:0hJ7SFBjbX5IwhgCyCArr6of5MJ7ZWqxPAIgtMIMlFRq1k4ZFx3ylu2GXJIcw:0h8FBjbJjhQHrrKJBH5lFRqO4x392cw
Score

10^/10

steam discovery evasion persistence phishing ransomware trojan upx
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

steamdiscoveryevasionpersistencephishingransomwaretrojanupx

behavioral2

© 2018-2025

Terms | Privacy