b64f1ae363def3f1ed59b99340142279cb626d99a562573deeae1a35cb86e7cb | Triage

Submit
Reports

Overview

overview

8

Static

static

3

Celestial Builds.exe

windows7-x64

7

Celestial Builds.exe

windows10-2004-x64

8

Sharing

General

Target

Celestial Builds.exe
Size

14.5MB
Sample

250116-adn8ls1mb1
MD5

ab42170cab56768f31450308df971b2d
SHA1

d1a6ba8a81bb19d42509f89d9d809073b0aa273e
SHA256

b64f1ae363def3f1ed59b99340142279cb626d99a562573deeae1a35cb86e7cb
SHA512

4392bdc8a3f20a5e69bb8a9b77bcf80c53dbd07559f0a16e0676c3e726dc71ee528b9f12b37a5053ff8cca33e6eaa6cda50cbff0ff894b78460ef365f5a35fd3
SSDEEP

393216:QThgdIBFP8sgAQTeXuxnse8r3cE7hPIccZfZYitv6aJuF:QThoIDk5oosXr3cJcO+itk

Score

8^/10

steam discovery persistence phishing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Celestial Builds.exe

Resource

win7-20240903-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

Celestial Builds.exe

Resource

win10v2004-20241007-en

steam discovery persistence phishing

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  Celestial Builds.exe
- Size
  
  14.5MB
- MD5
  
  ab42170cab56768f31450308df971b2d
- SHA1
  
  d1a6ba8a81bb19d42509f89d9d809073b0aa273e
- SHA256
  
  b64f1ae363def3f1ed59b99340142279cb626d99a562573deeae1a35cb86e7cb
- SHA512
  
  4392bdc8a3f20a5e69bb8a9b77bcf80c53dbd07559f0a16e0676c3e726dc71ee528b9f12b37a5053ff8cca33e6eaa6cda50cbff0ff894b78460ef365f5a35fd3
- SSDEEP
  
  393216:QThgdIBFP8sgAQTeXuxnse8r3cE7hPIccZfZYitv6aJuF:QThoIDk5oosXr3cJcO+itk
Score

8^/10

steam discovery persistence phishing
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

steamdiscoverypersistencephishing

© 2018-2025

Terms | Privacy