Static Analysis — SteamMonitorStealer | Threat: HIGH
File Identity
| Field | Value |
|---|---|
| SHA256 | c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f |
| File | steam_monitor_02F90000.dl (inside a 7-zip archive) |
| Size | 696,320 bytes (PE32 DLL x86, 4 sections) |
| Entropy | 7.039 (packed) |
| Imagebase | Suspicious |
steam_monitor: Steam Account Monitoring DLL
STEAM TARGET: DLL named steam_monitor -- theft of Steam gaming platform account data!
steam_monitor_02F90000.dl

-- steam_monitor: Steam Client monitoring/blocking DLL name?
-- 02F90000: memory address (DLL injection target address?)
-- .dl extension: hides the .dll type (looks like an ordinary file in Windows Explorer)
-- Steam targets:
 - ssfn files (Steam Guard auth token)
 - config/loginusers.vdf (account information)
 - Steam Guard 2FA bypass
IsDebuggerPresent: Anti-Analysis
IsDebuggerPresent

-- Debugger detection: stops if opened in x32dbg, OllyDbg, IDA or Ghidra
-- Typical first check for sandbox detection
-- On a positive result: takes a different code path or returns empty data
Obfuscated String + CMD Integration
Sda.B`rdp4^~oi$?5#<!L0adFhnfjdkbfhnfjdkbaqromfgsqvt4s~jzd<agfpwz
cmd.exe /c start "

-- Obfuscated string: C2/command string encrypted with XOR or RC4
-- "rdp" substring: RDP access?
-- "LoadFhn...": "Load" + obfuscated payload name?
-- cmd.exe /c start: background process launch
IOC
| Field | Value |
|---|---|
| SHA256 | c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f |
| File | steam_monitor_02F90000.dl |
| Anti-debug | IsDebuggerPresent |
| Network | WSAStartup (TCP/UDP connection) |
| Obfuscated | Sda.B`rdp4^~oi$ (RC4/XOR key?) |
SteamMonitorStealer — Malware Profile
Steam gaming platform account credential DLL stealer. steam_monitor_02F90000.dl filename suggests DLL injection into Steam process. IsDebuggerPresent anti-analysis. WSAStartup network connectivity. XOR-obfuscated string with RDP substring. cmd.exe /c start process execution.
Malware Type
Infostealer
Programming Language
C/C++
C2 Protocol
TCP
Target Systems
Gamers / Steam users
Capabilities & Behavior
Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshot
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration
IOC List (1 indicator)
IOC — SteamMonitorStealer
| Type | Value | Note |
|---|---|---|
| sha256 | c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f | |