
Archived Report: 76561198165467539 - ([CSGO] Counter-Strike: Global Offensive Items)

Discussion in 'Archived Reports' started by GGWP | CSGOComps.com, Sep 8, 2015.

Thread Status:
Not open for further replies.
  1. GGWP | CSGOComps.com

    GGWP | CSGOComps.com New User

    Messages:
    48
    Steam:
    STEAM_0:0:81964590
    Scam Report

    Report Type: [Other] Any other fraudulent behavior
    Virtual item type involved: [CSGO] Counter-Strike: Global Offensive Items

    Accused profile: 76561198165467539

    Victim profile: 76561198124194908

    What happened? Description:
    Please read the evidence section. Essentially, this bad actor is behind Steam Stealer malware promotion.

    Provide Evidence:
    This Steam profile is behind Steam Stealer malware promotion.

    The trail starts with the following malware analysis - https://www.hybrid-analysis.com/sam...e55fad2ebf34fc6126261f155d772?environmentId=5

    One of the dropped files is "Steam_support.afterschaaf(2).exe". Analysis for that file can be found here - https://www.virustotal.com/en/file/...ca7c63163ff09b3b3cc93e82/analysis/1441714495/

    If you look on the "behavioural information" tab, you can see a server is being referenced, "kuddisiu.bget.ru". Upon visiting that server we're presented with an admin login panel, but ignoring that, we can see below "Copyright © 2015 WestlE.in. All rights reserved."

    "WestlE.in" is a website and acts as a kind of portfolio for the bad actor; it links directly to their Steam profile.

    If you were having any worries about linking "WestlE.in" to malicious intent, please feel free to look at the following webpages -
    https://www.mywot.com/en/scorecard/westle.in
    http://cybertracker.malwarehunterteam.com/malicious/6 (this webpage essentially is saying the domain used to host malware itself)
    Last edited by a moderator: Aug 15, 2023
  2. GGWP | CSGOComps.com

    GGWP | CSGOComps.com New User

    Messages:
    48
    Steam:
    STEAM_0:0:81964590
  3. Sjru

    Sjru Retired Staff

    Messages:
    17,470
    SteamRep Admin:
    STEAM_0:1:13315037
    Steam:
    STEAM_0:1:13315037
    Did you engage in any chat with this person?
  4. Sjru

    Sjru Retired Staff

    Messages:
    17,470
    SteamRep Admin:
    STEAM_0:1:13315037
    Steam:
    STEAM_0:1:13315037
    This thread has been archived since the requested information was not provided. If you obtain the requested information, please create a new report.