9955cfdd499762a979e634981e31b3a23719fd9ca22a21f00db6a2051886f44c | Triage

Submit
Reports

Overview

overview

8

Static

static

1

view.html

windows11-21h2-x64

8

Sharing

General

Target

view
Size

82KB
Sample

250401-c9sl1sstcz
MD5

ee9ce2fcebf961aee5fae3214265af84
SHA1

5977ecacde7825d44c19e7f27dd30d8f32dff953
SHA256

9955cfdd499762a979e634981e31b3a23719fd9ca22a21f00db6a2051886f44c
SHA512

c97f76273711fab6e85ed3500c8aa86f4a4f8e5a11d1786f96aa8d742f98f402c9fd3a0e5f136beb608dbeaeef8378e606e8de14f4ffe4b2ae061aeb5b59b1f4
SSDEEP

1536:jFWjAA+X0D7rsPcG86uzczGDaxfwiBQ2/zV7:B87r8cz68czPwiXN

Score

8^/10

steam defense_evasion discovery persistence phishing

Static task

static1

Behavioral task

behavioral1

Sample

view.html

Resource

win11-20250313-es

steam defense_evasion discovery persistence phishing

windows11-21h2-x64

30 signatures

900 seconds

Malware Config

Targets

- Target
  
  view
- Size
  
  82KB
- MD5
  
  ee9ce2fcebf961aee5fae3214265af84
- SHA1
  
  5977ecacde7825d44c19e7f27dd30d8f32dff953
- SHA256
  
  9955cfdd499762a979e634981e31b3a23719fd9ca22a21f00db6a2051886f44c
- SHA512
  
  c97f76273711fab6e85ed3500c8aa86f4a4f8e5a11d1786f96aa8d742f98f402c9fd3a0e5f136beb608dbeaeef8378e606e8de14f4ffe4b2ae061aeb5b59b1f4
- SSDEEP
  
  1536:jFWjAA+X0D7rsPcG86uzczGDaxfwiBQ2/zV7:B87r8cz68czPwiXN
Score

8^/10

steam defense_evasion discovery persistence phishing
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Network Share Discovery
  Attempt to gather information on host network.
  discovery
- Detected potential entity reuse from brand STEAM.
  phishing steam
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Network Share Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

steamdefense_evasiondiscoverypersistencephishing

© 2018-2025

Terms | Privacy