Overview

overview

10

Static

static

3

8d322dea2b...0N.exe

windows11-21h2-x64

10

Resubmissions

10/03/2025, 13:50

250310-q5kbqsxtbs 10

24/08/2024, 15:09

240824-sjs3vsxfmp 10

23/08/2024, 04:46

240823-fd541sybqk 10

22/08/2024, 13:53

240822-q65daszgpe 10

22/08/2024, 13:49

240822-q47ewazfpb 10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8d322dea2b07994c9d14997fa625e220N.exe

  • Size

    203KB

  • Sample

    240824-sjs3vsxfmp

  • MD5

    8d322dea2b07994c9d14997fa625e220

  • SHA1

    713743b61bd05caa8591b05572e1991ef13dcefd

  • SHA256

    34532f4a4b53967812e14ec83862faf5aef803621ab1a6379cc31cdda810dfbd

  • SHA512

    2c1c448c04b61e7a76391f6e55f39f0e27a4ad023c6ad37ace5f2802be59e21bb4e338e756aeff7c4d849907b44ce4e2edffcfcf6d67cb81158b0627fbdb3ffe

  • SSDEEP

    6144:KjXslrGYUNqBpy1tnJfKXqPTX7D7FM6234lKm3mo8YG:sgiYUNqPitJCXqP77D7FB24lwT

Score
10/10
steamdefense_evasiondiscoverypersistencephishingprivilege_escalation

Malware Config

Targets

    • Target

      8d322dea2b07994c9d14997fa625e220N.exe

    • Size

      203KB

    • MD5

      8d322dea2b07994c9d14997fa625e220

    • SHA1

      713743b61bd05caa8591b05572e1991ef13dcefd

    • SHA256

      34532f4a4b53967812e14ec83862faf5aef803621ab1a6379cc31cdda810dfbd

    • SHA512

      2c1c448c04b61e7a76391f6e55f39f0e27a4ad023c6ad37ace5f2802be59e21bb4e338e756aeff7c4d849907b44ce4e2edffcfcf6d67cb81158b0627fbdb3ffe

    • SSDEEP

      6144:KjXslrGYUNqBpy1tnJfKXqPTX7D7FM6234lKm3mo8YG:sgiYUNqPitJCXqP77D7FB24lwT

    Score
    10/10
    steamdefense_evasiondiscoverypersistencephishingprivilege_escalation

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Downloads MZ/PE file

    • Event Triggered Execution: Component Object Model Hijacking

      Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

      persistenceprivilege_escalation

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand steam.

      phishingsteam

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

1
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Browser Information Discovery

1
T1217

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks