Overview

overview

10

Static

static

3

Yeezus.rar

windows7-x64

3

Yeezus.rar

windows10-2004-x64

10

InjectionLibrary.dll

windows7-x64

1

InjectionLibrary.dll

windows10-2004-x64

1

ReaLTaiizor.dll

windows7-x64

1

ReaLTaiizor.dll

windows10-2004-x64

1

Yeezus.exe

windows7-x64

10

Yeezus.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-01-2024 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Yeezus.exe

  • Size

    8.3MB

  • MD5

    fcb147a5c323be1cd6341d87ee9eae35

  • SHA1

    9ae4d2552158126efe96e7d9b92e782354bafefc

  • SHA256

    a32ad6995d0a15c0b85485b36a92385f866fd119eb5a2678403f8201bb89e18c

  • SHA512

    677156c85daf561398eef97e1e920c66cccfd342988d318b292d03694eac0b1a594adfbb7c3b5ac940234d2c165504fe1ff8dcd168ab14c49c63a0dbdca940f8

  • SSDEEP

    196608:e64kbezidoC+okKRXDFk81sgJ2nMwDeCfLjtDwh31rnA4a9Tl:lbJdx+eDFk81sg4nMYjjto3o/

Score
10/10
umbralstealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Yeezus.exe
    "C:\Users\Admin\AppData\Local\Temp\Yeezus.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4436-0-0x0000000074440000-0x0000000074BF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4436-1-0x00000000007C0000-0x0000000001B32000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/4436-2-0x0000000074440000-0x0000000074BF0000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4436-3-0x0000000005F90000-0x0000000005F91000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4436-4-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-5-0x000000000B1A0000-0x000000000B744000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/4436-6-0x000000000AC90000-0x000000000AD22000-memory.dmp

    Filesize

    584KB

    Download

  • memory/4436-7-0x000000000C1B0000-0x000000000CC08000-memory.dmp

    Filesize

    10.3MB

    Download

  • memory/4436-8-0x000000000AE30000-0x000000000AE4C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4436-9-0x0000000006650000-0x000000000665A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4436-10-0x0000000007B00000-0x0000000008074000-memory.dmp

    Filesize

    5.5MB

    Download

  • memory/4436-11-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-12-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-14-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-13-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-15-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-16-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-17-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-18-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4436-19-0x000000000ABE0000-0x000000000ABF0000-memory.dmp

    Filesize

    64KB

    Download