General

  • Target

    Drag To REH.exe

  • Size

    234KB

  • Sample

    240317-xkpt2sdg2s

  • MD5

    a2a0c327823f83116e727fd7b3d664ea

  • SHA1

    46116a07cc0e6d3bdd17bf63af02e36dd851ed30

  • SHA256

    a583bb77e2e129162e8bb14f1f840ee0491527f5d9fe0b2ccb663bb4c6980087

  • SHA512

    307300f9c5965bff22dab41f13dc2198b23b41bc7725143d6f23c4b95a801573f1158321884ae2f57c86cc6cc348fc48cd2889029163aef87a81abe75c228dec

  • SSDEEP

    6144:jloZMCrIkd8g+EtXHkv/iD4mQHXXN2eRwENfKK/7Xb8e1mSi:BoZZL+EP8mQHXXN2eRwENfKK/3I

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1218207343142113411/Evcrs1eb66_X6EXcDVHlwukVRSMbgmU34mj1opNyxZFVNSKKdWFQasnrfl-L4GLo_pag

Targets

    • Target

      Drag To REH.exe

    • Size

      234KB

    • MD5

      a2a0c327823f83116e727fd7b3d664ea

    • SHA1

      46116a07cc0e6d3bdd17bf63af02e36dd851ed30

    • SHA256

      a583bb77e2e129162e8bb14f1f840ee0491527f5d9fe0b2ccb663bb4c6980087

    • SHA512

      307300f9c5965bff22dab41f13dc2198b23b41bc7725143d6f23c4b95a801573f1158321884ae2f57c86cc6cc348fc48cd2889029163aef87a81abe75c228dec

    • SSDEEP

      6144:jloZMCrIkd8g+EtXHkv/iD4mQHXXN2eRwENfKK/7Xb8e1mSi:BoZZL+EP8mQHXXN2eRwENfKK/3I

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks