General

  • Target: setup-1.exe

  • Size: 244KB

  • Sample: 240229-q356esbd66

  • MD5: 88a46f6fad262c425ac411c1f9594c69

  • SHA1: 07a58a70278d223165ba22aee94863587ceb4057

  • SHA256: b638a068653a1b5273d6a11c43d97c7cc3febdc3085243760ac9c57e04d35e10

  • SHA512: 730549619dd6e8847068c4f569b3d1f9d8b49162d85d8a8a6c4a4151f1a97590d7d59dc91e15497c5ce5d020d53385f8cb8de30e159d5f34718f26ace2272001

  • SSDEEP: 6144:epkye1kDlYpAoEjQnZkLdGDB6Hkn2cY3TwaRb7:kknCDSBEjEkLdM6HV3Ma

Malware Config

Extracted

Family: umbral

C2: https://discord.com/api/webhooks/1211276511907151963/KjUXY-OO5tQr3VnZNM1_1xmfhFv3JUJtYA090It15YMwQCWI8k2rOR5-d1J0h7UrcBe-

Targets

    • Detect Umbral payload

    • Modifies WinLogon for persistence

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks