General

  • Target

    guilded_ums.exe

  • Size

    227KB

  • Sample

    240209-qmkjsabd8x

  • MD5

    adbb1ff2093cd75f5d386ed3071f732a

  • SHA1

    cbec205579e47cfab72873a13f3021b56c111b68

  • SHA256

    d646794ea3c663854047a79206ef3dc27f16c01162248a95d8d52927c05f1889

  • SHA512

    236f6fcda0a5808d63e34bb5c542196212d039bb739ed9c0902a0c899d01bfb47403561d6a9e69668e5e5055a42c46daf46910364d5a74be5c4cca2f84dd24ec

  • SSDEEP

    6144:dloZMxNXg+dOntLnEPfdMXGkVW2U7X8gtoGnnG+Tb8e1mai:/oZxEOn0mGkVW2U7X8gtoGnnGEw

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://media.guilded.gg/webhooks/2c5f9f77-f4ec-4ea9-9466-46f0364247ee/WWKNk9fLosqO8Wcc6OQEm2IOqQ2O8sCA0mc4UO44kMC0sMw6omO6GI8uaYAimwqM0yOccwkUIOoCIKwsAW6sgW

Targets

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks