Extracted

• • Target

    Captura.PNG

  • Size

    5KB

  • MD5

    34f29d29c7d0414604eb4828fdc599fc

  • SHA1

    18560eb4061e00bfc21c2cc2561b1721a126bbe1

  • SHA256

    0b93fd8f66072d586f07f21dfb6ced11e56f699ba3d860d42e91ae1cfea4d3c9

  • SHA512

    14ae72fe6b69a2802e3fa60bf2bcf71179f6b20b649e265e70bc3a62fb6da42ce89ff9d20f5d604e71ab37ff29fe6ce9cb56556b01513c755a59ae9cb7255ebf

  • SSDEEP

    96:pK0W4pDkqkJbt/nLHoO0rysgsUWk0d3AT958/H3RnyW24Lndw/2RNDsiYwE919Fn:XW4pYqct/LHoO0rysNUWkJ9585UJANDi

  Score

  10^/10

  umbralxwormratstealertrojan

  • Detect Umbral payload

  • Detect Xworm Payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Drops startup file

  • Executes dropped EXE

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1