General

  • Target

    Umbral.exe

  • Size

    229KB

  • Sample

    231024-xg91tagb22

  • MD5

    a1d134ca35650fc8eb5029168dc77cf2

  • SHA1

    2d7d11e799d0fd81c6809e214fc0319fe0a3ae1b

  • SHA256

    e8051ca4e2624241ecf48c61e9bfd61e9d1f6cf6fb4cda85eba361edf853b289

  • SHA512

    b4a027c3d286cab99b588fafb82f372ff9e244b657e8909e6454cb23d690ceef8cbb687174fa9877f1cff0f2543cf680ebf175670eb653845749671905f01c4c

  • SSDEEP

    6144:lloZMArIkd8g+EtXHkv/iD4leoRDJ6idZIJbGmTDPb8e1mVi:noZHL+EP8leoRDJ6idZIJbGmTv/

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1166448531620515903/XozfZZDGmd0o6fPRfcsmuT0s-rn0ExHYfB1DeokQzQQlk-Zydtqw9Zqyohf3hj1L2WOA

Targets

    • Target

      Umbral.exe

    • Size

      229KB

    • MD5

      a1d134ca35650fc8eb5029168dc77cf2

    • SHA1

      2d7d11e799d0fd81c6809e214fc0319fe0a3ae1b

    • SHA256

      e8051ca4e2624241ecf48c61e9bfd61e9d1f6cf6fb4cda85eba361edf853b289

    • SHA512

      b4a027c3d286cab99b588fafb82f372ff9e244b657e8909e6454cb23d690ceef8cbb687174fa9877f1cff0f2543cf680ebf175670eb653845749671905f01c4c

    • SSDEEP

      6144:lloZMArIkd8g+EtXHkv/iD4leoRDJ6idZIJbGmTDPb8e1mVi:noZHL+EP8leoRDJ6idZIJbGmTv/

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source, modular stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
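The behaviour signatures listed above (browser profile reads, the external IP lookup, the Discord webhook used as C2 and the write under the Drivers directory) and the extracted webhook in the Malware Config section can be reproduced with a few lines of triage code. The block below is an added example written for this page; it is not the sandbox's own signature logic or anything from the Umbral project. The host list, the path patterns, the event shape and the sample events are constructed assumptions; only the webhook URL is taken from the report. What the report does not show is that a Discord webhook ID is a snowflake and therefore encodes its own creation time, which the example recovers from the extracted C2.

```python
"""Triage helpers for the Umbral report above (added example, not sandbox or project code)."""
import re
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import urlsplit

# Discord webhook URL shape: https://discord.com/api/webhooks/<snowflake id>/<token>
WEBHOOK_RE = re.compile(
    r"https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([\w-]+)"
)
# Discord snowflake IDs carry a millisecond timestamp relative to 2015-01-01T00:00:00Z
DISCORD_EPOCH_MS = 1_420_070_400_000

# Public IP lookup services commonly queried by stealers (assumed list, extend as needed)
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipv4.icanhazip.com", "icanhazip.com", "ipinfo.io",
    "ifconfig.me", "ip-api.com", "checkip.amazonaws.com",
}
# Chromium-family profile files holding credentials, cookies and autofill data (assumed)
BROWSER_DATA_RE = re.compile(
    r"\\user data\\[^\\]+\\(login data|cookies|web data|network\\cookies)$", re.I
)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


def snowflake_to_utc(snowflake: int) -> datetime:
    """Decode the creation time embedded in a Discord snowflake ID."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def parse_webhook(url: str) -> Optional[dict]:
    """Split an extracted C2 webhook into id/token and recover when it was created."""
    m = WEBHOOK_RE.fullmatch(url.strip())
    if not m:
        return None
    wid = int(m.group(1))
    return {"id": wid, "token": m.group(2), "created_utc": snowflake_to_utc(wid)}


def classify_events(events):
    """Map sandbox-style (kind, value) events onto the behaviour signatures in the report.

    kind is "net" (value "<METHOD> <url>"), "file_read" or "file_write" (value is a
    Windows path). Returns the set of signature names that fired.
    """
    hits = set()
    for kind, value in events:
        if kind == "net":
            _method, _, url = value.partition(" ")
            host = urlsplit(url).hostname or ""
            if host in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
            if WEBHOOK_RE.fullmatch(url):
                hits.add("Legitimate hosting services abused for malware hosting/C2")
        elif kind == "file_read" and BROWSER_DATA_RE.search(value):
            hits.add("Reads user/profile data of web browsers")
        elif kind == "file_write" and value.lower().startswith(DRIVERS_DIR):
            hits.add("Drops file in Drivers directory")
    return hits


# Constructed sample events in the shape a sandbox might record; only the webhook
# URL comes from the report's Malware Config section.
SAMPLE_EVENTS = [
    ("net", "GET https://api.ipify.org/"),
    ("file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_write", r"C:\Windows\System32\drivers\etc\hosts"),
    ("net", "POST https://discord.com/api/webhooks/1166448531620515903/"
            "XozfZZDGmd0o6fPRfcsmuT0s-rn0ExHYfB1DeokQzQQlk-Zydtqw9Zqyohf3hj1L2WOA"),
]

if __name__ == "__main__":
    wh = parse_webhook(SAMPLE_EVENTS[-1][1].split(" ", 1)[1])
    print(f"webhook {wh['id']} created {wh['created_utc']:%Y-%m-%d %H:%M:%S} UTC")
    for sig in sorted(classify_events(SAMPLE_EVENTS)):
        print("-", sig)
```

For the webhook extracted in this report the decoded creation time is 2023-10-24, which lines up with the 231024 date prefix of the sample ID: the operator created the webhook the same day the sample was submitted. The webhook token by itself authorizes GET and DELETE on the Discord webhook endpoint, so a liveness check (the GET returns the owning channel and guild IDs) or a takedown needs no bot credentials; do that from an isolated analysis host.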

MITRE ATT&CK Enterprise v15

Tasks