General

  • Target

    (run this first).exe

  • Size

    231KB

  • Sample

    240227-scbv1acc5t

  • MD5

    a300445575b7666a4bcbf8e7d7161bb2

  • SHA1

    cd5f1682962ad047e9cf94689ea876a24126678b

  • SHA256

    fb4f48bc53fbd1949222bd3cc0df08e2ac43619adc5117f7d6ded970407c0e1f

  • SHA512

    e2b13887e7374fe2eb27caaab0852c6df1845c49ac9e75007745524fe94ef028419441433522a14d11ef3d3a93e6461d9d77d752f04b0a6b2c6fa94f4560a7dd

  • SSDEEP

    6144:xloZM+rIkd8g+EtXHkv/iD4W26crT5KyNw4ZL22jUgb8e1mTwi:DoZlL+EP8W26crT5KyNw4ZL22j5wp

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1195960024082698271/71tRoqUbmviXwGIotGdbaoS_xGN0JSn29ZIgx0C_AdvOlcc3A82nCJp5WVlARNOUpCzB

Targets

    • Target

      (run this first).exe

    • Size

      231KB

    • MD5

      a300445575b7666a4bcbf8e7d7161bb2

    • SHA1

      cd5f1682962ad047e9cf94689ea876a24126678b

    • SHA256

      fb4f48bc53fbd1949222bd3cc0df08e2ac43619adc5117f7d6ded970407c0e1f

    • SHA512

      e2b13887e7374fe2eb27caaab0852c6df1845c49ac9e75007745524fe94ef028419441433522a14d11ef3d3a93e6461d9d77d752f04b0a6b2c6fa94f4560a7dd

    • SSDEEP

      6144:xloZM+rIkd8g+EtXHkv/iD4W26crT5KyNw4ZL22jUgb8e1mTwi:DoZlL+EP8W26crT5KyNw4ZL22j5wp

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Discord webhook (see Malware Config), so exfiltration traffic goes to discord.com and blends in with ordinary use of the service.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks