abf138e9dea16b8da182e63a1e7d49a59ee57c792a77c3de34f379ceb0923d6a

Sharing

Copy URL

Twitter E-mail

General

Target

Steamtools New Version-20250122T020541Z-001.zip
Size

1.2MB
Sample

250122-cjsjbssmb1
MD5

2a203961155fc224e0c14c5beca7222e
SHA1

14ae9403e76186020b61be69917b3b4753555003
SHA256

abf138e9dea16b8da182e63a1e7d49a59ee57c792a77c3de34f379ceb0923d6a
SHA512

8a3883f32ae78f8612b741250094c5be57912d101ec7ef09beba3aa5b56c64fd59e6cbd8251b1e691850ddd88d31e1f6eef54fc15523154b88f4c5c4a0db0e82
SSDEEP

24576:I8mM3PvTEBukQUxcAxa2A3lBPp1vXmwsSgtJ+HPstaTHpOqwz2:vm4TIuTAk2wX/m4gtJ+U8JWz2

Score

8^/10

Malware Config

Targets

- Target
  
  Steamtools New Version/Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  b429ae86c5be521bc8ca3b164cec3acb
- SHA1
  
  387560073ff5a1f2191abc6f75fc34532bbb6dd2
- SHA256
  
  3ac70532408b89159bfe235d4ed228faa03ae3fbd63ec6a82d895f287a3b0579
- SHA512
  
  eae65de53da50708983ed8ebf9e1e3dd5f9aea95a354d272e199bb59517f62bfe35f0df7a37d81ab0423d0d6d29304fa70284c731bd54023e446b2c19bacafb1
- SSDEEP
  
  24576:DgWuftU4WrNOA6sM6kXxMfNmnjk/c5NrH0UUoo2QkJXVSItH5ppoO0KzJ6nFwHQL:DA+NOpXm1mnj0cP+DkhMAiawnFV
Score

1^/10
behavioral1 behavioral2
- Target
  
  Steamtools New Version/Newtonsoft.Json.dll
- Size
  
  695KB
- MD5
  
  adf3e3eecde20b7c9661e9c47106a14a
- SHA1
  
  f3130f7fd4b414b5aec04eb87ed800eb84dd2154
- SHA256
  
  22c649f75fce5be7c7ccda8880473b634ef69ecf33f5d1ab8ad892caf47d5a07
- SHA512
  
  6a644bfd4544950ed2d39190393b716c8314f551488380ec8bd35b5062aa143342dfd145e92e3b6b81e80285cac108d201b6bbd160cb768dc002c49f4c603c0b
- SSDEEP
  
  12288:mFIM0KteTMN4Or4D3OdmZg5WHEaEDIGBBjgrIQtD+tVqDMW:6zMTMNNd+g5Wk78GBBjgrIQtDF
Score

1^/10
behavioral3 behavioral4
- Target
  
  Steamtools New Version/SomeWeirdApp.dll
- Size
  
  64KB
- MD5
  
  2268d5e30e4e843a120aae29de1e6f88
- SHA1
  
  a74c23e0b83c262df97a87bcb9e3da20482d0eba
- SHA256
  
  42b5ff6aa823147c0c6a7b479d8db92b3d6f5428b137850d9c21808d8fb7af28
- SHA512
  
  672fad72bb78c9f872fcbd89e1f8ab10326d0ab3b1ae2cdc36426797def82f4b8646d14f2a851091e1359210687b1ba391d6357e6d1f60ec3562fbb3098b5cb6
- SSDEEP
  
  1536:CwnU/2TZdHif2pALN01XcXXbMw9ARdMJW+Hjz6:ClMTifNXXbhKRdgW+Hjm
Score

1^/10
behavioral5 behavioral6
- Target
  
  Steamtools New Version/Steamtools 1.61.exe
- Size
  
  135KB
- MD5
  
  8d266a49cf28ae12227b02975df8db57
- SHA1
  
  edcffe00294a46364618f50defcfd45b9d74bcba
- SHA256
  
  4a5bc2cbf22210d7036303531dc5edf3df0f32d35b04f697efad1b2268b6ef20
- SHA512
  
  7fa1d4eb4f3365a41e3b3d9d361a4b435d2c2820796cb4352e7111d5a8f797c3a4da949ca25bf0314a0545cc35509d0c81909432ecb1a6162099985ff6a4f26c
- SSDEEP
  
  3072:rjK4UGDHXrQ8hy7qgpHulWD9ZvZ5Pf3Ca10xuZ04ntfO+hBuo:rjK4TDUqgpqWDLZ5H+xuZ045hA
Score

8^/10

discovery steam persistence phishing
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral7 behavioral8