Overview

overview

8

Static

static

1

indexsubtitle.txt

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    indexsubtitle.txt

  • Size

    40B

  • Sample

    250401-dw2s7svm13

  • MD5

    9999e2a05c15cc97d4867567225ffd37

  • SHA1

    aa0ba425bf0d559c38788ba284488a6c0c0fd831

  • SHA256

    f304e8d349cd81cb5d7dfe4954d04a0ae13376104ba52b24d7d662cd13ed8918

  • SHA512

    13dae52713df1de587fd776e793866f5c5d0b43fe467f96e53f887f77d7bdf7ec0d5f40c76bbbe6c8c05bc2723471940e272a71e2143d4d66e31a7fd7c26bad8

Score
8/10
steamdefense_evasiondiscoveryphishingtrojan

Malware Config

Targets

    • Target

      indexsubtitle.txt

    • Size

      40B

    • MD5

      9999e2a05c15cc97d4867567225ffd37

    • SHA1

      aa0ba425bf0d559c38788ba284488a6c0c0fd831

    • SHA256

      f304e8d349cd81cb5d7dfe4954d04a0ae13376104ba52b24d7d662cd13ed8918

    • SHA512

      13dae52713df1de587fd776e793866f5c5d0b43fe467f96e53f887f77d7bdf7ec0d5f40c76bbbe6c8c05bc2723471940e272a71e2143d4d66e31a7fd7c26bad8

    Score
    8/10
    steamdefense_evasiondiscoveryphishingtrojan

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      defense_evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand STEAM.

      phishingsteam

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks