General

  • Target

    test.exe

  • Size

    229KB

  • Sample

    240213-w39rhagc53

  • MD5

    4a1a7343912696cddb2f5e4fcb02a1c1

  • SHA1

    a7ed28d7dce1e93b349c9709690f2f03fc01a379

  • SHA256

    4baa876c24d03ddeb3484975bc7bcc90a498f26274d10a3ee499b5a1f8e5c749

  • SHA512

    355ce587a28634e7ebfe86f754693a1f04feb463db3439549022ec4601c154be4d19057a81b22c3b69ce68bf86839aae0d3c8e4af6297dffe2d04fa430a35850

  • SSDEEP

    6144:lloZM9rIkd8g+EtXHkv/iD45Pu6qoHjgv5sqb7ivrATb8e1mmi:noZOL+EP85Pu6qoHjgv5sqb7ivGE

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1207029831825358848/n7VxnB0T_pffS388tYyMmQDLtE-oaYLo04bOu1LLouNRd6gpHBaT5KueUz2mINq9ng5g

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks