Extracted

Extracted

• • Target

    NursultanCrack.rar

  • Size

    183KB

  • MD5

    d3ad8d4ecbadea0a2ba6a92e91ed2d2b

  • SHA1

    977368283f90605be222c310d6880fab8478ad7a

  • SHA256

    b9395c6223dd34cdd95dd5c298eb609a806b12f2f2bcf9b0932b47ab564ee591

  • SHA512

    1bd24793905cfd2bad5c2640e1b2f99bc4e7424cb7f6c17a42f69ec3bc04e1aed667d70d94ea4b1b616d3742023742dac60c3714f421402aeecba75ad09e3ba1

  • SSDEEP

    3072:ngYU/sh31YoZfxYguGUb+MTezWxURWy0i9WQcM2ojNZbO/9GM69LOAalm2tJM:gWzuvG++geKQWyZ9okLO/956djalvM

  Score

  10^/10

  umbralxwormratspywarestealertrojan

  • Detect Umbral payload

  • Detect Xworm Payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2

• • Target

    assest.rar

  • Size

    24B

  • MD5

    c69d0b5902a959577c02e9dcdda77de0

  • SHA1

    6233724f8b3ac18649dc248d1c778e2bca78a7f2

  • SHA256

    4301ec2e9592e7a22262d1c046954545033b73be322b33a8117d201556c4254b

  • SHA512

    2e8945172ef567d4ae84d6317efce63502a6d9496caa48b8dc09cf12d1ceec3e89d033d6d9fceeba82f403107d15341bcdb72b4a6f60ba3e6df4d2a2cb6e48cd

  Score

  7^/10

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral3behavioral4

• • Target

    minecraft.jar

  • Size

    1.4MB

  • MD5

    90a312993c010c97b4ed7499bf5298f8

  • SHA1

    d16dc6ba2bf420d0be5197029c31e41b14adf7dc

  • SHA256

    80ac5f0776e7c7cd7bd4971e884e2233bde1bd5b51441e34109dbf717e73b672

  • SHA512

    d3196d0ffa7969a4ccf7feac5eb21f94f9a9fc1fb7fef004726332b8365f7405497e57db523ab63c93218cf7e48ef1d62411dcc84d5f203a975ea42a4751826a

  • SSDEEP

    3:7DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDr:H

  Score

  1^/10
  behavioral5behavioral6

• • Target

    start.exe

  • Size

    192KB

  • MD5

    066f7f594bf6f254748bc19562dd1bc3

  • SHA1

    313883f4a7fbfc3c60b153492aeefb927c5d5694

  • SHA256

    9398c6385a5246fe4b86b0f247ddb8a93a9c326389dabef1b96bd65af09b360e

  • SHA512

    04f0c82938dee7a790876ab39282c36eda0c6de11a337d93f728c07be6ff5997605c6a9bba886b94091c313795ee19bf96d65ca9ac1e1d62eeab7acd33b6afca

  • SSDEEP

    6144:i0mlbUZ0lzEhoPkoaHOw4D/dB8H2HSZRw5:0aCESPkpHNi/bX

  Score

  10^/10

  umbralspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Blocklisted process makes network request

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral7behavioral8