General

  • Target

    Dll.pdb

  • Size

    21KB

  • Sample

    250109-3bfsnstqey

  • MD5

    c0e64e2175e66080f0ab30c5bff0d60e

  • SHA1

    a78a190f847e0b637e83089d2ff6c8d0cc7284a7

  • SHA256

    f5e934c4c0bc6215a033ee9101139510b953515cdcd7e715962330dbdd61e502

  • SHA512

    b10b027434c3cda1f104c6172d230ef68b9210c0da8ee1be5d714f05124471be1e189b3e374ff5eb9348137658433dcd1b567186c0702fb6688019ca74a3895b

  • SSDEEP

    192:PyAPsAPVdAPNAPVdAPzHv1qUxMH+bkIgtkmg:lTsmsT1

Targets

    • Target

      Dll.pdb

    • Downloads MZ/PE file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Detected potential entity reuse from brand STEAM.
