General

  • Target

    NostalgiaPaste.rar

  • Size

    570KB

  • Sample

    240221-sng66ahg4v

  • MD5

    580fb25abdc9708233367ed8e44cca3a

  • SHA1

    3928152088541452edde87b688e1955c6c4ef100

  • SHA256

    ac9fb718a06f5ea046a5ce765f84c202c08c45814bcd10c9e74de3dfc8301878

  • SHA512

    2bb828bc6b0cf883730d2ce87bcfe3763c8c374c74d0db6d11020315bcc37322c377d514dbe1ee0755885e1d4fbbb71001c80cd3ff1025edf75a4c1cecf55331

  • SSDEEP

    12288:RpQYd+rE48vynhsyQuPLB55BeBM3dFO7Wbs2kQaBfunQZ:RpQYww48CrbFBey3cWw21aUnQZ

Score
10/10

Malware Config

Targets

    • Target

      InjectionLibrary.dll

    • Size

      78KB

    • MD5

      64ef546a5a013f36524507e7dfc70d09

    • SHA1

      d6d0aabdc88b7a875fd666a65194e250cd9ef3e5

    • SHA256

      7919342e61f58303b1efe7bc3f2a612b717d64069c45eb53f0193218821d0016

    • SHA512

      b409aaaf770bf0ca436e66279a324158845cba04ad892bbe98c0e32e96faacf83108d5e5b2b51efb59c8a3fccb4476303af47408f1a26bd79b18008ceaa7cc6b

    • SSDEEP

      1536:E2t6wUtyYiZdqESehfyNHhwTZNzTedgzmZLtQ/5i:7t6LMXZdkaKNHhwTZRTej9Y4

    Score
    1/10

    • Target

      NostalgiaPaste.exe

    • Size

      614KB

    • MD5

      863ccaa8f5615fd603e3df9e08d433c6

    • SHA1

      58e5ac27b4c8ce04b705fbd4fc267c7c96ae8438

    • SHA256

      b502a581b8b5f291508791631fbd40853edc952572eaa214086f6a91694a284a

    • SHA512

      715dccca665ffc88da761fc2ae0a9a01a477c3546b86fc0922ca033b4826f44b42c2c718b1adec2c26e9736e3e81c144ef5f5161706daa3acbabe8b0f952a906

    • SSDEEP

      12288:3l/5a8Yv+Gk+IRvmf8lDATKwRP7NaaWSxpumTFzoLIOnrDjfBlfrkfVNaw9mmrz6:3P9rGbIRuf8lkRP7NaLGNoLbjfBl4NN7

    Score
    10/10

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks