General

  • Target

    steamcmd.exe

  • Size

    1.6MB

  • Sample

    250127-sly2wsvnhq

  • MD5

    2629c77b1149eee9203e045e289e68ef

  • SHA1

    e45974be43d33419ac8e5208e0b2b787cd592fc4

  • SHA256

    fc103a323d70caaac475ae1cfcacfd8eec4c6b1e130005c4793f2013b4b019f8

  • SHA512

    397c238f43c6208feea21fb929e6f6429b3ed035414dc779982350998030dda834431864026e22f2b6a2c99b8b2bcd6d5d2970dd8d71c39698f03d6043c6778d

  • SSDEEP

    49152:r38U9PBcjnaqMbyrsmYjDVUf1yAF4/LPT4gsVdqJVuOji1Y:rn5cjnaqMbytYjRQy54g3

Score
9/10

Malware Config

Targets

    • Renames multiple (162) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15