48361e7e0896ad96ea92673085c3300f101c246e9075b420575b56eaba01f5f2 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

virus-launcher.exe

windows11-21h2-x64

8

Sharing

General

Target

virus-launcher.exe
Size

2.5MB
Sample

250415-hjvlksttax
MD5

f24caaa9c1d2f3d9daa37f691b01958e
SHA1

4f95f1d6341d7b47eae2ba3b3f1e56e64cf8184f
SHA256

48361e7e0896ad96ea92673085c3300f101c246e9075b420575b56eaba01f5f2
SHA512

f3adcf2f1c338d44e248f832fa90a889db585fd7b2191f75b1a708643f6c54a294a06e35abaa004d581bc78d33272d81298814562a3d550ea1d933f18ff4c919
SSDEEP

24576:SMomVUkfxL8zBbKB9mKnSjmil5H7n5BSVE5WWQmMFQVBex:SMoJkfV8z4B9mGSj5bn5sVE2cc

Score

8^/10

steam defense_evasion discovery persistence phishing privilege_escalation trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

virus-launcher.exe

Resource

win11-20250410-en

steam defense_evasion discovery persistence phishing privilege_escalation trojan

windows11-21h2-x64

32 signatures

900 seconds

Malware Config

Targets

- Target
  
  virus-launcher.exe
- Size
  
  2.5MB
- MD5
  
  f24caaa9c1d2f3d9daa37f691b01958e
- SHA1
  
  4f95f1d6341d7b47eae2ba3b3f1e56e64cf8184f
- SHA256
  
  48361e7e0896ad96ea92673085c3300f101c246e9075b420575b56eaba01f5f2
- SHA512
  
  f3adcf2f1c338d44e248f832fa90a889db585fd7b2191f75b1a708643f6c54a294a06e35abaa004d581bc78d33272d81298814562a3d550ea1d933f18ff4c919
- SSDEEP
  
  24576:SMomVUkfxL8zBbKB9mKnSjmil5H7n5BSVE5WWQmMFQVBex:SMoJkfV8z4B9mGSj5bn5sVE2cc
Score

8^/10

steam defense_evasion discovery persistence phishing privilege_escalation trojan
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  defense_evasion trojan
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Access Token Manipulation

Create Process with Token

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Access Token Manipulation

Create Process with Token

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Network Service Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

steamdefense_evasiondiscoverypersistencephishingprivilege_escalationtrojan

© 2018-2025

Terms | Privacy