General

  • Target

    Subnautica32.exe

  • Size

    68KB

  • Sample

    250111-zhg3ja1mhk

  • MD5

    12edd0edb4bb9367c542dce20cc01027

  • SHA1

    cb1a2b54f4c5da3564eccd153fc32fdb54499671

  • SHA256

    9087ad123cafebd9abc5b378c0fee82deaf52db1cb13d62a730a9c8169b8a923

  • SHA512

    5dbfab957e4bfe2725bf97e819653555afedc4ea043973a63b61997d3c1107e49494ec0cf045add6d52a639c001275ebf06370e5a6eb0299f5b787aa874d46f1

  • SSDEEP

    1536:ElBtJMYq5rk5uu5WQZHHMVc8tH2sWjcdYe8i:6jqYq5YYtZYk

Targets

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Mark of the Web detected: This indicates that the page was originally saved or cloned.

    • Detected potential entity reuse from brand STEAM.
