General

  • Target

    1966720.zip

  • Size

    61KB

  • Sample

    250106-3v18qawjhl

  • MD5

    413620c004ade9e29a8e70aac608f9c6

  • SHA1

    eebfcf551dec64d498c81959708c316fc9b772f9

  • SHA256

    77895f93c6ebf03c225358ebe3e2993d961d0b85d107d0bde43f55679a37a8de

  • SHA512

    1f877228d91067ad2f9afe600137b1f01ab2517e1133cc57d6e46f202683bb38d14c0ec8e064ec88d6668bf8c7b500c9abc01f88787ced674d75050f5fef2f71

  • SSDEEP

    1536:fQprpxGxA1mzT5YIdzSa19SBomSuWt6gdhC5bkAzPW:Yprvoa+T5YRYUBomS6gdhCVkAzPW

Targets

    • Target

      1966720.zip

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from brand STEAM.
