General

  • Target: NostalgiaPaste.zip
  • Size: 574KB
  • Sample: 240212-a1wwzade9t
  • MD5: bd819ec83f371bc41181e9db4337e440
  • SHA1: 9fe3dc1a2214af04feec4256530bd9994ab0dc8a
  • SHA256: 591d6a1ba6daad5d9c8d276cf833047bb67913d42f09c871a3156bb46ac1d2aa
  • SHA512: 6f2ef8cebb30ca682bed84c81a868b517ea42af620c8a61b2b5fac28127c885adf5869df2ec4ef0f7c56bf564aa8a18d4ee330fbb325400f2a5364b69a73843b
  • SSDEEP: 12288:+rDRems2X35ShcmLe9tQX1Nwo89m2tWHB+M1qGB4ZumLPSm:+3/ShcmC41C39m2t2Dck4XD

Score: 10/10

Malware Config

Targets

    • Target: InjectionLibrary.dll
    • Size: 78KB
    • MD5: 64ef546a5a013f36524507e7dfc70d09
    • SHA1: d6d0aabdc88b7a875fd666a65194e250cd9ef3e5
    • SHA256: 7919342e61f58303b1efe7bc3f2a612b717d64069c45eb53f0193218821d0016
    • SHA512: b409aaaf770bf0ca436e66279a324158845cba04ad892bbe98c0e32e96faacf83108d5e5b2b51efb59c8a3fccb4476303af47408f1a26bd79b18008ceaa7cc6b
    • SSDEEP: 1536:E2t6wUtyYiZdqESehfyNHhwTZNzTedgzmZLtQ/5i:7t6LMXZdkaKNHhwTZRTej9Y4

    Score: 1/10

    • Target: NostalgiaPaste.exe
    • Size: 614KB
    • MD5: 863ccaa8f5615fd603e3df9e08d433c6
    • SHA1: 58e5ac27b4c8ce04b705fbd4fc267c7c96ae8438
    • SHA256: b502a581b8b5f291508791631fbd40853edc952572eaa214086f6a91694a284a
    • SHA512: 715dccca665ffc88da761fc2ae0a9a01a477c3546b86fc0922ca033b4826f44b42c2c718b1adec2c26e9736e3e81c144ef5f5161706daa3acbabe8b0f952a906
    • SSDEEP: 12288:3l/5a8Yv+Gk+IRvmf8lDATKwRP7NaaWSxpumTFzoLIOnrDjfBlfrkfVNaw9mmrz6:3P9rGbIRuf8lkRP7NaLGNoLbjfBl4NN7

    Score: 10/10

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other sensitive items.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks