Static Analysis — SteamMonitorStealer | Threat: HIGH

File Identity

SHA256: c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f
File: steam_monitor_02F90000.dl (inside a 7-Zip archive)
Size: 696,320 bytes (PE32 DLL, x86, 4 sections)
Entropy: 7.039 (above the ~7.0 heuristic threshold; consistent with a packed or encrypted payload)
ImageBase: Suspicious (differs from the usual linker default; a 32-bit DLL normally links at 0x10000000)
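The two flagged fields above (entropy and ImageBase) come from a header walk that any triage script can reproduce. The block below is an added example, not the report's tooling and not code from the sample: a stdlib-only PE32 header parser that computes per-section Shannon entropy and compares ImageBase with the usual MSVC linker defaults. It builds a throwaway PE32 in memory so it runs offline; the 0x02F90000 base, the section names and their contents are constructed for the test, and the 7.0 / 0x10000000 / 0x00400000 constants are common heuristics rather than rules.

```python
"""Minimal PE32 triage: per-section entropy and ImageBase sanity check.

Added example, not the report's tooling and not code from the sample.
Pure stdlib. build_test_pe32() constructs a throwaway PE32 in memory so
the parser can be exercised offline; on a real file call
triage_pe(open(path, "rb").read()). Thresholds are common heuristics.
"""
import math
import struct

IMAGE_FILE_DLL = 0x2000        # COFF Characteristics flag
COMMON_DLL_BASE = 0x10000000   # MSVC linker default ImageBase for DLLs
COMMON_EXE_BASE = 0x00400000   # MSVC linker default ImageBase for EXEs
PACKED_ENTROPY = 7.0           # bits/byte above which a section looks packed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(blob: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> sections."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled here")
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]   # PE32 ImageBase offset
    is_dll = bool(chars & IMAGE_FILE_DLL)
    sections = []
    for i in range(nsect):
        name, _vsize, va, raw_size, raw_ptr, *_ = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        raw = blob[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 3)})
    expected = COMMON_DLL_BASE if is_dll else COMMON_EXE_BASE
    return {"machine": machine, "is_dll": is_dll, "image_base": image_base,
            "image_base_unusual": image_base != expected,
            "file_entropy": round(shannon_entropy(blob), 3),
            "sections": sections,
            "likely_packed": any(s["entropy"] > PACKED_ENTROPY for s in sections)}


def build_test_pe32(image_base: int, payloads: dict, dll: bool = True) -> bytes:
    """Constructed, non-runnable PE32 (headers + raw sections) for testing only."""
    file_align, nsect = 0x200, len(payloads)
    hdr_len = 0x40 + 4 + 20 + 224 + 40 * nsect
    hdr_len = (hdr_len + file_align - 1) // file_align * file_align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)               # EXECUTABLE | 32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, nsect, 0, 0, 0, 224, chars)
    # Magic, linker ver, SizeOfCode, SizeOfInitData, SizeOfUninitData, EntryPoint,
    # BaseOfCode, BaseOfData, ImageBase, SectionAlignment, FileAlignment
    opt = struct.pack("<HBB" + "I" * 9, 0x10B, 14, 0, 0, 0, 0, 0x1000, 0x1000, 0x2000,
                      image_base, 0x1000, file_align)
    opt += b"\0" * (224 - len(opt))
    secs, raw, va, ptr = b"", b"", 0x1000, hdr_len
    for name, payload in payloads.items():
        raw_size = (len(payload) + file_align - 1) // file_align * file_align
        secs += struct.pack("<8sIIIIIIHHI", name.encode(), len(payload), va, raw_size, ptr,
                            0, 0, 0, 0, 0x60000020)               # CODE|EXECUTE|READ
        raw += payload.ljust(raw_size, b"\0")
        va += max(raw_size, 0x1000)
        ptr += raw_size
    return (dos + b"PE\0\0" + coff + opt + secs).ljust(hdr_len, b"\0") + raw


if __name__ == "__main__":
    # Constructed input: a DLL at an unusual base with one packed-looking section.
    pe = build_test_pe32(0x02F90000, {".text": b"\x90" * 4096, "UPX1": bytes(range(256)) * 16})
    print(triage_pe(pe))
```

On a real sample, compare the per-section numbers rather than the whole-file figure: a packer typically leaves one near-8.0 section next to a small, low-entropy stub section, which is more telling than the 7.039 aggregate alone.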

steam_monitor: Steam Account Monitoring DLL

STEAM TARGET: a DLL named steam_monitor -- theft of Steam gaming platform account credentials!
steam_monitor_02F90000.dl

-- steam_monitor: names the DLL's role, monitoring/intercepting the Steam client
-- 02F90000: a memory address, most likely a load base (DLL injection target address?). A name of the form module_<hexbase> is also the convention several memory-dump tools use for modules carved out of a live process, so this file may be a dumped in-memory module rather than the on-disk dropper; that would also be consistent with the non-default ImageBase noted above
-- .dl extension: hides the .dll nature from extension-based filters and from a casual look in Windows Explorer. It does not prevent loading: LoadLibrary appends ".dll" only when the name has no extension, so a full path ending in .dl loads normally
-- Steam targets (inferred from the filename, not from recovered strings; confirm after unpacking):
  - ssfn* files (Steam Guard machine authorization token)
  - config/loginusers.vdf (account names, SteamIDs, login flags)
  - Steam Guard 2FA bypass, i.e. reusing the stolen ssfn token on the attacker's machine so that no new Steam Guard code is requested

IsDebuggerPresent: Anti-Analysis

IsDebuggerPresent

-- Debugger detection: the call reads PEB.BeingDebugged, so it fires when a user-mode debugger (x32dbg, OllyDbg, WinDbg) is attached; purely static tools such as IDA or Ghidra do not set the flag unless you debug through them
-- Typically the first anti-analysis check, and cheap to defeat: patch the return value, clear PEB.BeingDebugged, or use a ScyllaHide-style plugin
-- On a positive result: take a different code path or return empty data, so a naive debugging session sees nothing interesting
-- A lone IsDebuggerPresent import is weak evidence on its own (the MSVC runtime imports it too); it matters here in combination with the packing and the obfuscated string

Obfuscated String + CMD Integration

Sda.B`rdp4^~oi$?5#<!L0adFhnfjdkbfhnfjdkbaqromfgsqvt4s~jzd<agfpwz
cmd.exe /c start "

-- Obfuscated string: looks like a C2 address or command string encrypted with XOR or RC4
-- "rdp" substring: RDP access? (in an undecoded blob a 3-byte match is well within chance; do not weight it until the string is decoded)
-- "L0adFhn...": "Load" + an obfuscated payload name? (same caveat)
-- The near-repeat "Fhnfjdkb" / "fhnfjdkb" (seven identical bytes at a distance of 8, the first byte differing in a single bit) is what repeating plaintext under a fixed XOR key looks like; a stream cipher such as RC4 would not reproduce such a run, so XOR (or plain junk/decoy data) is the more likely explanation for this particular string
-- cmd.exe /c start: launches a process in the background; the unterminated opening quote suggests the target path is appended at runtime, probably from the decoded string
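A 256-key single-byte XOR sweep is the first thing to try on a blob like the one above before reaching for RC4. The block below is an added example, not from the report and not the sample's own routine: it scores every key by printable ratio plus shell-command keywords, and separately reports repeated substrings (the XOR-versus-stream-cipher tell mentioned above). The decodable ciphertext in it is constructed by encrypting a made-up command line under key 0x37; the report's own string is included only for the repeat analysis, and no decoding of it is claimed.

```python
"""Single-byte XOR key sweep and repeated-substring check for an obfuscated blob.

Added example, not part of the report and not the sample's own routine.
SAMPLE_PLAINTEXT / SAMPLE_KEY are constructed so the sweep has a known
answer; REPORT_STRING is the obfuscated string as printed in the report,
used only to show the repeat analysis (its key is NOT known or claimed).
"""
import string

PRINTABLE = set(string.printable.encode()) - {0x0B, 0x0C}
# Tokens that make a candidate plaintext look like what the report expects.
KEYWORDS = [b"cmd.exe", b"/c ", b"start", b"http", b".exe", b".dll",
            b"rdp", b"ssfn", b"loginusers", b"steam"]


def xor_single(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> float:
    """Printable ratio (0..1) plus one point per keyword hit."""
    printable = sum(1 for b in candidate if b in PRINTABLE) / max(len(candidate), 1)
    return printable + sum(1 for kw in KEYWORDS if kw in candidate.lower())


def brute_force_xor(data: bytes, top: int = 3) -> list:
    """Top-N (key, plaintext) pairs over all 256 single-byte keys."""
    ranked = sorted(range(256), key=lambda k: score(xor_single(data, k)), reverse=True)
    return [(k, xor_single(data, k)) for k in ranked[:top]]


def repeated_substrings(data: bytes, size: int) -> dict:
    """Every `size`-byte window that occurs more than once -> its offsets.

    Under XOR with a key whose length divides the distance between two
    occurrences, a repeated ciphertext window means repeated plaintext.
    A stream cipher (RC4) would not leave such repeats, so this is a cheap
    discriminator before any key search.
    """
    offsets = {}
    for i in range(len(data) - size + 1):
        offsets.setdefault(data[i:i + size], []).append(i)
    return {w: o for w, o in offsets.items() if len(o) > 1}


# Constructed: a command line of the kind the 'cmd.exe /c start "' string implies.
SAMPLE_PLAINTEXT = b'cmd.exe /c start "" "C:\\Users\\Public\\svc.exe" fhnfjdkbfhnfjdkb'
SAMPLE_KEY = 0x37
SAMPLE_CIPHERTEXT = xor_single(SAMPLE_PLAINTEXT, SAMPLE_KEY)

# Verbatim from the report; treated as opaque bytes, key unknown.
REPORT_STRING = b"Sda.B`rdp4^~oi$?5#<!L0adFhnfjdkbfhnfjdkbaqromfgsqvt4s~jzd<agfpwz"

if __name__ == "__main__":
    print("constructed sample, top keys:")
    for key, pt in brute_force_xor(SAMPLE_CIPHERTEXT):
        print(f"  key=0x{key:02x} -> {pt!r}")
    print("report string, 7-byte repeats:", repeated_substrings(REPORT_STRING, 7))
    print("report string, best single-byte XOR guess (unverified):",
          brute_force_xor(REPORT_STRING, 1)[0])
```

If no single-byte key scores clearly above the rest, extend the sweep to multi-byte keys using the repeat distance (8 here) as the candidate key length, and only then consider RC4 with keys recovered from the binary's data sections.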

IOC

SHA256: c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f
File: steam_monitor_02F90000.dl
Anti-debug: IsDebuggerPresent
Network: WSAStartup (Winsock initialisation; TCP/UDP capability, no endpoint recovered)
Obfuscated: Sda.B`rdp4^~oi$ (RC4/XOR key or ciphertext prefix?)
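The indicators in this table, together with the Steam credential files and the cmd.exe /c start launch discussed above, translate into a handful of detection rules. The block below is an added example, not the report's or any product's detection content: a small rule set run over constructed Sysmon-style events (field names follow Sysmon's Image, ParentImage, CommandLine, ImageLoaded, TargetFilename and Hashes). The Steam paths, the steam.exe parent watchlist and the disguised-extension list are assumptions that follow the report's injection hypothesis, and the FileAccess events require read telemetry (Windows 4663 object-access auditing with a SACL on the Steam folder, or an EDR file-open event), since Sysmon's FileCreate does not see reads.

```python
"""Detection rules for the report's indicators, run over constructed events.

Added example, not from the report. Events are dicts with Sysmon-style
field names; their contents are CONSTRUCTED for this demonstration.
Assumptions (not observed in the sample): Steam install paths, the
steam.exe parent watchlist, and the list of extensions used to disguise
DLLs. FileAccess events need file-read telemetry (Windows 4663 with a
SACL on the Steam folder, or an EDR file-open event); Sysmon FileCreate
(ID 11) only records creates, not reads.
"""
import re

IOC_SHA256 = "c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f"

# Steam Guard token files and the account list the report names as targets.
STEAM_SENSITIVE = re.compile(r"\\steam\\(ssfn\d+|config\\loginusers\.vdf)$", re.I)
STEAM_BINARIES = {"steam.exe", "steamwebhelper.exe", "steamservice.exe"}
CMD_START = re.compile(r'(?:^|\\)cmd\.exe"?\s+/c\s+start\b', re.I)
# A module loaded from a path whose extension hides that it is a DLL.
DISGUISED_DLL_EXT = re.compile(r"\.(dl|dat|tmp|bin)$", re.I)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(event: dict) -> list:
    """Rule names that fire for one event; empty list means clean."""
    hits = []
    kind = event.get("Type")
    if IOC_SHA256 in event.get("Hashes", "").lower():
        hits.append("ioc_sha256_match")
    if kind == "ProcessCreate" and CMD_START.search(event.get("CommandLine", "")) \
            and basename(event.get("ParentImage", "")) in STEAM_BINARIES:
        # cmd.exe /c start is common on its own; the Steam parent is the signal.
        hits.append("cmd_start_spawned_by_steam")
    if kind == "ImageLoad" and DISGUISED_DLL_EXT.search(event.get("ImageLoaded", "")):
        hits.append("dll_loaded_with_disguised_extension")
    if kind == "FileAccess" and STEAM_SENSITIVE.search(event.get("TargetFilename", "")) \
            and basename(event.get("Image", "")) not in STEAM_BINARIES:
        hits.append("steam_credential_file_read_by_foreign_process")
    return hits


def scan(events: list) -> list:
    """[(event index, rule name), ...] for every rule that fired."""
    return [(i, rule) for i, ev in enumerate(events) for rule in detect(ev)]


# Constructed telemetry, not real logs.
SAMPLE_EVENTS = [
    {"Type": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c start "" "C:\Users\Public\upd.exe"',
     "ParentImage": r"C:\Program Files (x86)\Steam\steam.exe"},
    {"Type": "ImageLoad", "Image": r"C:\Program Files (x86)\Steam\steam.exe",
     "ImageLoaded": r"C:\Users\Public\steam_monitor_02F90000.dl",
     "Hashes": "SHA256=" + IOC_SHA256.upper()},
    {"Type": "FileAccess", "Image": r"C:\Users\Public\upd.exe",
     "TargetFilename": r"C:\Program Files (x86)\Steam\config\loginusers.vdf"},
    {"Type": "FileAccess", "Image": r"C:\Program Files (x86)\Steam\steam.exe",
     "TargetFilename": r"C:\Program Files (x86)\Steam\ssfn1234567890123456"},  # benign
    {"Type": "ProcessCreate", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c start notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},  # benign: ordinary parent
]

if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}")
```

The hash rule is the only one that is exact; the other three are behavioural and will need tuning against the Steam client's own helper processes and legitimate launchers before they are alert-worthy rather than hunt queries.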

SteamMonitorStealer — Malware Profile

Steam gaming platform account credential stealer delivered as a DLL. The steam_monitor_02F90000.dl filename suggests injection into the Steam process (or a module dumped from one). IsDebuggerPresent anti-analysis. WSAStartup network capability. XOR/RC4-style obfuscated string containing an "rdp" substring. cmd.exe /c start process execution.

Malware Type: Infostealer
Programming Language: C/C++
C2 Protocol: TCP (inferred from the WSAStartup import only; no endpoint or protocol strings recovered)
Target Systems: Gamers / Steam users

Capabilities & Behavior

Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshots
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration

Caveat: this is the generic infostealer capability set. Nothing in the indicators above (IsDebuggerPresent, WSAStartup, cmd.exe /c start, one undecoded string) evidences browser, wallet, FTP/SSH or mail-client access; treat these entries as unconfirmed until the sample is unpacked and its strings and imports are re-examined.

IOC List (1 indicator)

IOC — SteamMonitorStealer
# SHA256 c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f
Type    Value                                                             Note
sha256  c6433d9aafb4400c2fb6f772534171b39eff7e1287ce95a3024c943e2310fa5f  -
Tags
steammonitorstealer, steam-stealer, steam-monitor-02f90000-dl-filename-ioc, steam-gaming-platform-credential-theft, isdebuggerpresent-anti-debug-anti-analysis, wsastartup-tcp-network-connection, cmd-exe-c-start-process-launch, obfuscated-xor-string-rdp-substring-c2, suspicious-imagebase-suspicious-dos-stub, packed-7-04-entropy