General

  • Target: undetek-v8.4.zip
  • Size: 29KB
  • Sample: 250103-epwjaaynex
  • MD5: 3fd421553153e36fca595e26b68926fd
  • SHA1: 1dbc61f32a394262a768b1a4952a7b4c4922d250
  • SHA256: 88042ffea63225f395d2a086b6caf488ca0a7982a117e011ac213f31e21c8b12
  • SHA512: 9528fca52e74bd0989e6373b2f887eb4711e36596111aef74a5fdc82a809c72163226b8c20323a488fe5f9af906acb6a36bbe1e2c067e650adaf1495dcc49d42
  • SSDEEP: 768:Annf3accs4wOtCidwAZvdLyg5xl3uxy5KU7T:AnnPvcsdOBwAZvdLyOl30AKYT

Malware Config

Targets

    • Target: undetek-v8.4/undetek-v8.4.exe
    • Size: 71KB
    • MD5: ee2dfac975e184552e9eaeb62bf61705
    • SHA1: 0f1bbfeffba8a9b044370d2a728d6567d893bacb
    • SHA256: 5c09e9ed8596c3e94ee53c849e0a73a609693ad83292b0d6d5bd716fe42c8a51
    • SHA512: 229bab16972a44f5440aa235ed024dd1faf5b9bce25ccc6739f8f2eda99603c6796e502657497d3ff5bda43f42c505ee1a7aa4a9c2e625c1ffea1bf677c51cea
    • SSDEEP: 1536:U+S3sRVYxFX5PMolc3AhsA8Y/qTvMZoRx0rsCBOECIy/86e+bj:W3sRVYxFX5PMolc3AhsA8Y/q7ef1CXGg

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand STEAM.
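The behaviour flags above are sandbox signature names, not explanations of what they key on. As an added example (not the sandbox's own signature code, and not code from the sample), the following Python re-implements three of them over constructed artifacts: the Run-key persistence check, the Uninstall-key enumeration check, and the MZ/PE check applied to downloaded bytes. The registry event line format ('<op> <key>[ = <data>]'), the event lines themselves, and the PE stub are assumptions constructed for the example; the registry paths are the standard Windows ones.

```python
"""Added example, not the sandbox's signature code: re-implements three of the
behaviour flags in the report above as checks over constructed artifacts.

Assumed (not from the report): registry events arrive as lines of the form
'<op> <key>[ = <data>]'; downloaded payloads are available as bytes."""
import re
import struct

# Persistence: a value written under the per-user or machine Run/RunOnce key.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Software enumeration: any read/enumerate touching the Uninstall key tree.
UNINSTALL_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)

WRITE_OPS = {"regsetvalue", "regsetvalueex"}
READ_OPS = {"regopenkey", "regenumkey", "regenumvalue", "regqueryvalue"}

# Non-greedy key so paths containing spaces still parse; data follows '='.
EVENT_RE = re.compile(r"^(\w+)\s+(.+?)(?:\s*=\s*(.*))?$")


def is_mz_pe(blob: bytes) -> bool:
    """'Downloads MZ/PE file': MZ DOS stub plus the PE signature at e_lfanew.
    A bare 'MZ' prefix is not enough; a DOS-only executable or a truncated
    download would otherwise be flagged as a PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    # An out-of-range e_lfanew yields a short slice, which fails the compare.
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def classify_registry_events(lines):
    """Return the set of report signature names triggered by the event lines."""
    hits = set()
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than crash on it
        op, key, _data = m.groups()
        op = op.lower()
        # Only a write under Run counts; merely reading Run is not persistence.
        if op in WRITE_OPS and RUN_KEY_RE.search(key):
            hits.add("Adds Run key to start application")
        if op in READ_OPS and UNINSTALL_KEY_RE.search(key):
            hits.add("Checks installed software on the system")
    return hits


def build_pe_stub() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x40, PE signature at 0x40."""
    hdr = bytearray(0x80)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    return bytes(hdr)


# Constructed registry event lines; the value name and paths are illustrative.
SAMPLE_REGISTRY_EVENTS = [
    r"RegOpenKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"RegEnumKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}",
    r"RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName",
    r"RegSetValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run\undetek = C:\Users\user\undetek-v8.4.exe",
    r"RegQueryValue HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
]

if __name__ == "__main__":
    print(sorted(classify_registry_events(SAMPLE_REGISTRY_EVENTS)))
    print(is_mz_pe(build_pe_stub()), is_mz_pe(b"<html>"))
```

The last constructed event (a Shell Folders lookup) is deliberately benign and produces no hit; distinguishing reads of Run from writes to it is what keeps the persistence signature from firing on ordinary startup-folder queries.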

MITRE ATT&CK Enterprise v15

Tasks