Resubmissions

24-10-2024 14:47

241024-r52fpazelg 1

24-10-2024 13:37

241024-qw3rqaxhpf 8

General

  • Target

    The Level Editor (V1.6.0) (12 New Levels!).sb3

  • Size

    12.0MB

  • Sample

    241024-qw3rqaxhpf

  • MD5

    de2e19f4d9c4ff0b4a1beb9fb4c6f506

  • SHA1

    c65f984f4d2888c8bd87a991fc1bcdefaa65c922

  • SHA256

    4e34c73b5ecdb1f0915afe915e428ebd872c3026568ee3aa02e9c066126f926d

  • SHA512

    52b9bcd6c02e9cc645725544c64a5ba90b2b0b6c0a08f05bc249a2bc43c56bf6b2acd92a9d1736414e4b82eb6a3f61b56f620db038e3c3aea414b6883ea8643a

  • SSDEEP

    196608:HNtJCd1fe+AwomEB5eDp7DUXvoKIKXeR8Rkys4NbvAS9UydRQ1VG2kx7B7:HcswotIp7DygKLJR8ebvA+UydR2m7

Malware Config

Targets

    • Target

      The Level Editor (V1.6.0) (12 New Levels!).sb3


    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand STEAM.

MITRE ATT&CK Enterprise v15

Tasks