General

  • Target

    NursultanCrack.rar

  • Size

    183KB

  • Sample

    240316-xve3lahg7x

  • MD5

    d3ad8d4ecbadea0a2ba6a92e91ed2d2b

  • SHA1

    977368283f90605be222c310d6880fab8478ad7a

  • SHA256

    b9395c6223dd34cdd95dd5c298eb609a806b12f2f2bcf9b0932b47ab564ee591

  • SHA512

    1bd24793905cfd2bad5c2640e1b2f99bc4e7424cb7f6c17a42f69ec3bc04e1aed667d70d94ea4b1b616d3742023742dac60c3714f421402aeecba75ad09e3ba1

  • SSDEEP

    3072:ngYU/sh31YoZfxYguGUb+MTezWxURWy0i9WQcM2ojNZbO/9GM69LOAalm2tJM:gWzuvG++geKQWyZ9okLO/956djalvM

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1218605453374914620/OdDYjKWd2x_sgrT_0JmzryiFvoGTz03pvb7F84neOCAte6YtS3TcUiq7-D1K38B9s0T8

Targets

    • Target

      minecraft.jar

    • Size

      1.4MB

    • MD5

      90a312993c010c97b4ed7499bf5298f8

    • SHA1

      d16dc6ba2bf420d0be5197029c31e41b14adf7dc

    • SHA256

      80ac5f0776e7c7cd7bd4971e884e2233bde1bd5b51441e34109dbf717e73b672

    • SHA512

      d3196d0ffa7969a4ccf7feac5eb21f94f9a9fc1fb7fef004726332b8365f7405497e57db523ab63c93218cf7e48ef1d62411dcc84d5f203a975ea42a4751826a

    • SSDEEP

      3:7DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDr:H

    Score
    1/10

    • Target

      start.exe

    • Size

      192KB

    • MD5

      066f7f594bf6f254748bc19562dd1bc3

    • SHA1

      313883f4a7fbfc3c60b153492aeefb927c5d5694

    • SHA256

      9398c6385a5246fe4b86b0f247ddb8a93a9c326389dabef1b96bd65af09b360e

    • SHA512

      04f0c82938dee7a790876ab39282c36eda0c6de11a337d93f728c07be6ff5997605c6a9bba886b94091c313795ee19bf96d65ca9ac1e1d62eeab7acd33b6afca

    • SSDEEP

      6144:i0mlbUZ0lzEhoPkoaHOw4D/dB8H2HSZRw5:0aCESPkpHNi/bX

    Score
    10/10

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks