20757c361f653b52a5e4c8ee12f0fb4ae78a8ed60b8e214cb86f279798ee23d0 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

steamweb.exe

windows10-ltsc_2021-x64

8

Resubmissions

15/04/2025, 15:22

250415-srw5gszyes 8

15/04/2025, 15:08

250415-sjcqwazxcz 8

Sharing

General

Target

steamweb.exe.exe
Size

15.5MB
Sample

250415-sjcqwazxcz
MD5

2557af1cde18cc05e215ac65547b4d84
SHA1

49d94a7dd93ba7bb3e6062f112e15ed17cd718ab
SHA256

20757c361f653b52a5e4c8ee12f0fb4ae78a8ed60b8e214cb86f279798ee23d0
SHA512

307648c30f29125cad241b774689593ade6735e0054ab372210717b4b27febf27aaace94941c221b582d65efcf1db49ce34a2427948c0a78d0346ad8cd8500cd
SSDEEP

393216:NcjJzQH4Z4+D6F4vh+viahsj9l61+TtIiW0VJWLlW30:su4ZX52W61QtI2Ei

Score

8^/10

steam discovery persistence phishing pyinstaller

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

steamweb.exe

Resource

win10ltsc2021-20250410-en

steam discovery persistence phishing

windows10-ltsc_2021-x64

31 signatures

600 seconds

Malware Config

Targets

- Target
  
  steamweb.exe.exe
- Size
  
  15.5MB
- MD5
  
  2557af1cde18cc05e215ac65547b4d84
- SHA1
  
  49d94a7dd93ba7bb3e6062f112e15ed17cd718ab
- SHA256
  
  20757c361f653b52a5e4c8ee12f0fb4ae78a8ed60b8e214cb86f279798ee23d0
- SHA512
  
  307648c30f29125cad241b774689593ade6735e0054ab372210717b4b27febf27aaace94941c221b582d65efcf1db49ce34a2427948c0a78d0346ad8cd8500cd
- SSDEEP
  
  393216:NcjJzQH4Z4+D6F4vh+viahsj9l61+TtIiW0VJWLlW30:su4ZX52W61QtI2Ei
Score

8^/10

steam discovery persistence phishing
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

steamdiscoverypersistencephishing

© 2018-2025

Terms | Privacy