General

  • Target

    releases

  • Size

    174KB

  • Sample

    241218-b4c4psxjfx

  • MD5

    2bf9e527c95ed2abdab7aa79fd3a729c

  • SHA1

    8832f1592c79df242cc985bd80458286faa27993

  • SHA256

    517231ebc18f6f87871572d44dc581d8d6aeefcc91e802c5dcab0b3f7c457cf9

  • SHA512

    d4f27f022c683bd580d63315d004e9ea716d45c5b3279390ec86d7978cb3dac01bb7d90a79aefc35f87b3074936a17aa2e41bcf70551a71ab20100980d8b20be

  • SSDEEP

    3072:4qz7eznSaLhQHgANLEZbOh2nczkmdUNF+rteScV1PHMvWIw8IMgNscV1PHMvpZpH:Q/NsipOL/saqkPV9FemLtcIDSsmww9it

Targets

    • Target

      releases

    • Renames multiple (5980) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand STEAM.
