umbral | 8f0352553ab0acb32642074579db93344be53f54c700ee70bef3335db09c6529 | Triage

Sharing

General

Target

Amruus promo link generator.rar
Size

79KB
Sample

240214-x9rd6sbe33
MD5

0b25d0cf701d9c68ae40085c1afe2e3d
SHA1

0266c00fdcddc3e2f835cfb4109dffe1e7cf32c7
SHA256

8f0352553ab0acb32642074579db93344be53f54c700ee70bef3335db09c6529
SHA512

cb797620225ab96d36f58dd50570e00a71909ad68d5080ce5d85e0e0b8b85ea38aba4487b434973d8c28b61c5a3914f8e7779c488a67f4b3a9d80bd95fcf0b6a
SSDEEP

1536:shAHcE4HDPB61u7iqzzMXCcCwi8vLusrqAVVEHqdO9A745ig8KHQjDy:aAHcEkZqXfC4rqegqY5FL

Score

10^/10

umbral spyware stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1196551286892535848/BI-4wJMe0VqcV998bhbMUu_wWa9MHqKDsvG2bhmZuynbA6FvVmQpf3BApw4_YqBZ6TZ5

Targets

- Target
  
  Amruus promo link generator/Promo link generator.exe
- Size
  
  228KB
- MD5
  
  4e711e7231a67ebf4278a6ba9e2a1f98
- SHA1
  
  9bc200a14d089e0fe869674ee5f4219e86dc3009
- SHA256
  
  cfb4919168697ab5bfaa045cbf2c647aa55c1ffc8f5109acf90f2e90af14f40a
- SHA512
  
  38ac5f01c19304431f1b862172fd0ed7b67fd8926c94e289a7a9b06a6772b02c7708f9ebeb3263269721d379dede458bd29d16fd6eb81eb500d85b202707ec0f
- SSDEEP
  
  6144:BloZMUrIkd8g+EtXHkv/iD409mMN5nsAv9R0STTKg/Yb8e1mIi:zoZrL+EP8gmMN5nsAv9R0STTKBm
Score

10^/10

umbral spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralspywarestealer