Overview

overview

8

Static

static

1

wewsf

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    wewsf

  • Size

    58B

  • Sample

    241213-aqke7atrhr

  • MD5

    88bd8fb5115ead31c10f12eb99e31fd0

  • SHA1

    24afa94fbb1a2641947ba594df84d21d2c29b536

  • SHA256

    9219cd5d75ec59670176307678ec983141314b07fc51872b5b940a0e915626cf

  • SHA512

    feb62ac594995f736aeef773510dec9614c8c2f546fd625e34d54be8bae525e5d029baaff296319996e27b0a3a8d8fb8c182181d9077c77fb1875899b75fe71d

Score
8/10
steamdiscoverypersistencephishing

Malware Config

Targets

    • Target

      wewsf

    • Size

      58B

    • MD5

      88bd8fb5115ead31c10f12eb99e31fd0

    • SHA1

      24afa94fbb1a2641947ba594df84d21d2c29b536

    • SHA256

      9219cd5d75ec59670176307678ec983141314b07fc51872b5b940a0e915626cf

    • SHA512

      feb62ac594995f736aeef773510dec9614c8c2f546fd625e34d54be8bae525e5d029baaff296319996e27b0a3a8d8fb8c182181d9077c77fb1875899b75fe71d

    Score
    8/10
    steamdiscoverypersistencephishing

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Detected potential entity reuse from brand STEAM.

      phishingsteam
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks