Overview

overview

8

Static

static

3

SteamtoolsSetup.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SteamtoolsSetup.exe

  • Size

    2.7MB

  • Sample

    250110-vpp99sspfk

  • MD5

    5321690369d17547a978cd28f45f5ea6

  • SHA1

    173b7be12e9ef3af91e2a7cbfe63a313134c9e32

  • SHA256

    14224256268d10452893cae5d330262b6dd8f854e7f2e8bfbc2d050eb0d0f80f

  • SHA512

    4f2aa0801d685195570c62ce19335465e85d19f04335fe56945207482893d1181c04bbfe18230bf0a490f8f5cf2998bee7f2c1c17146126555dd780d2dd085b4

  • SSDEEP

    49152:RKQJrfc1y4pY+CvSs0AhuEySsxsiMRPPRRw69XmYya:xwvEyVsiMRPPRRw69XmYya

Score
8/10
steamdefense_evasiondiscoverypersistencephishing

Malware Config

Targets

    • Target

      SteamtoolsSetup.exe

    • Size

      2.7MB

    • MD5

      5321690369d17547a978cd28f45f5ea6

    • SHA1

      173b7be12e9ef3af91e2a7cbfe63a313134c9e32

    • SHA256

      14224256268d10452893cae5d330262b6dd8f854e7f2e8bfbc2d050eb0d0f80f

    • SHA512

      4f2aa0801d685195570c62ce19335465e85d19f04335fe56945207482893d1181c04bbfe18230bf0a490f8f5cf2998bee7f2c1c17146126555dd780d2dd085b4

    • SSDEEP

      49152:RKQJrfc1y4pY+CvSs0AhuEySsxsiMRPPRRw69XmYya:xwvEyVsiMRPPRRw69XmYya

    Score
    8/10
    steamdefense_evasiondiscoverypersistencephishing

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Detected potential entity reuse from brand STEAM.

      phishingsteam
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks