Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://pixeldrain.c...

windows7-x64

10

https://pixeldrain.c...

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://pixeldrain.com/u/pTQAcqFT

  • Sample

    240214-raadqace3w

Score
10/10
44calibernjratumbralevasionpersistencespywarestealertrojan

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1207297266575081502/8pNNw7XjV5x3NJruoh5DyQ0-4SAQCe6BhhIyIv91xDxVVGnGIhfAFyQBn7F9GYDazHOv

Extracted

Family

44caliber

C2

https://discord.com/api/webhooks/1207280118632816672/0IZfDvtoISIje6CJrXL_Q-d2-6He_gSbGz-bx0rHpv2QNeoScHFiZ4sukqDpuSEztgqw

Targets

    • Target

      https://pixeldrain.com/u/pTQAcqFT

    Score
    10/10
    44calibernjratumbralevasionpersistencespywarestealertrojan

    • 44Caliber

      An open source infostealer written in C#.

      stealer44caliber

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

      stealerumbral

    • njRAT/Bladabindi

      Widely used RAT written in .NET.

      trojannjrat

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks