Extracted

• • Target

    Umbral1.exe

  • Size

    231KB

  • MD5

    8b87bf1f0e629ac52ed3ea11d93e2985

  • SHA1

    e89c68857a7478e1fe5a0846ef637284e1603bc6

  • SHA256

    0d0f238dfc7639c39bbd97db3e29bc62f5da11b5242ce594eafef6c5ebc15b30

  • SHA512

    d431b338536a879bf6ea50142936a8d05b4ebc5785a53e35f28a0f393744d17d987a0d63597a13273a9f36308537c6e23c02f197447f4a72a911dda715651180

  • SSDEEP

    6144:xloZM9rIkd8g+EtXHkv/iD41FRzAmB5KG/Cwhl0OGb8e1mOSi:DoZOL+EP81FRzAmB5KG/Cwhl0NN

  Score

  10^/10

  umbralspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2