Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-2004-x64

8

Resubmissions

26-10-2024 18:40

241026-xbeygsybpj 8

26-10-2024 18:19

241026-wyd42ayalm 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1165114492204625982/1296829580648251524/password_is_1.zip?ex=671e4229&is=671cf0a9&hm=50f4d4da638ef09e673d77d91cc1bf38cd4e23079831fc0d609ec3177f3e6526&

  • Sample

    241026-xbeygsybpj

Score
8/10
steamdiscoverymotwpersistencephishing

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1165114492204625982/1296829580648251524/password_is_1.zip?ex=671e4229&is=671cf0a9&hm=50f4d4da638ef09e673d77d91cc1bf38cd4e23079831fc0d609ec3177f3e6526&

    Score
    8/10
    steamdiscoverymotwpersistencephishing

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

      phishingmotw

    • Detected potential entity reuse from brand STEAM.

      phishingsteam

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks