42b828b9a12a08d6d54cef29054a65c8e3d47147e67d40237b2decca4809c60f | Triage

Submit
Reports

Overview

overview

8

Static

static

1

SWA V1.62.rar

windows7-x64

8

SWA V1.62.rar

windows10-2004-x64

1

Resubmissions

08-01-2025 17:49

250108-wd7kvazlcj 8

08-01-2025 17:45

250108-wb4feaxket 3

Sharing

General

Target

SWA V1.62.rar
Size

1.1MB
Sample

250108-wd7kvazlcj
MD5

6e1efefb3225679ae03ef936c3c81575
SHA1

c9e7de5bbff3bc0782b1e91023a7ff8fd9976688
SHA256

42b828b9a12a08d6d54cef29054a65c8e3d47147e67d40237b2decca4809c60f
SHA512

6df9f84e64ac7fe10bb552866c65291a9007c661d53244eae729267b27291c3a3e61bed89cbea9ff7826a01f3c82185625688ec9c1820812364fece091cef7f9
SSDEEP

24576:pLq3QBPdv3XalrWfiODoUKooLRuIwatKRLRGVuVPtUx7skxZNXptpfcQ:kQP3XgqiODtoLgLwaUhN5PEQ

Score

8^/10

steam discovery persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

SWA V1.62.rar

Resource

win7-20240903-it

steam discovery persistence phishing

windows7-x64

28 signatures

300 seconds

Behavioral task

behavioral2

Sample

SWA V1.62.rar

Resource

win10v2004-20241007-it

windows10-2004-x64

2 signatures

300 seconds

Malware Config

Targets

- Target
  
  SWA V1.62.rar
- Size
  
  1.1MB
- MD5
  
  6e1efefb3225679ae03ef936c3c81575
- SHA1
  
  c9e7de5bbff3bc0782b1e91023a7ff8fd9976688
- SHA256
  
  42b828b9a12a08d6d54cef29054a65c8e3d47147e67d40237b2decca4809c60f
- SHA512
  
  6df9f84e64ac7fe10bb552866c65291a9007c661d53244eae729267b27291c3a3e61bed89cbea9ff7826a01f3c82185625688ec9c1820812364fece091cef7f9
- SSDEEP
  
  24576:pLq3QBPdv3XalrWfiODoUKooLRuIwatKRLRGVuVPtUx7skxZNXptpfcQ:kQP3XgqiODtoLgLwaUhN5PEQ
Score

8^/10

steam discovery persistence phishing
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Time Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

steamdiscoverypersistencephishing

behavioral2

© 2018-2025

Terms | Privacy