General
Target: Unban Global HWID.rar
Size: 18.4MB
Sample: 240327-am4pnaff39
MD5: c1fcc97958bde970193f623243108df6
SHA1: ec4cdd086f04bcb6b091f0fb1a4d0285d9800321
SHA256: 6a251f9c14224d9a95d4136b58b6819a42976af48edfd23397db6caa5292b9b5
SHA512: 8fb2f765ba4bd153792305751b921789a737db0cb777e5dece3ff9be12f5cb1e8262976975b0fa6485e4aef77e3769816b3f24c30c3243bbdae744d139f04aeb
SSDEEP: 393216:TOrxj/TQDQIfk1rci/hhLLI+sWpZFpjFFc4jDQ6d:Toxj8E1r3hzTF7nDL
Malware Config
Extracted family: umbral
C2 (Discord webhook): https://discord.com/api/webhooks/1217519421250342985/wTHwTr2HvqdRl0zSHT1a0jS_RD4Y-Z8kMqRtUmJ8tdfV_S_5tVJEK5bR8klGY17fXqgf
Umbral is a credential/token stealer; the extracted configuration is the Discord webhook the payload posts stolen data to, so the webhook URL is the primary network IOC for this sample.
Targets
Target: Unban Global HWID/Cleaner.exe
Size: 229KB
MD5: 00b50ac019d337a11d626cb5e48931a3
SHA1: fab828f25f492a1a8f6e8f112f95daf5fb7ba209
SHA256: bf5ed21104c2406217f2629ea5dac416172e4f7019817ae9fe81d5925c656936
SHA512: 8fab8f9fe41049a725df6bf275cf2f8e121c048f20f1608534d7118770ce096242481af1f38fb0ede9e34c8808e45bee80dfa06424a604544c10688e31610000
SSDEEP: 6144:lloZMCrIkd8g+EtXHkv/iD4p5NZf9rI8j667NokRg9/b8e1myi:noZZL+EP8pnZf9rI8j667NokRss
Signatures:
- Detect Umbral payload
- Legitimate hosting services abused for malware hosting/C2 (the Discord webhook above)
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
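The report gives file hashes for the dropped Cleaner.exe and a single extracted configuration value, the Discord webhook. The script below is an added triage helper, not part of the sandbox report or of any Umbral tooling: it verifies a local file against the hashes listed above and carves Discord webhook URLs out of the file bytes, scanning both plain ASCII and UTF-16LE (the encoding .NET binaries use for string literals, at either byte alignment) so a webhook stored as a managed string is not missed. The regex for webhook URLs and the constructed sample buffer are mine; the hash values and the webhook are copied from the report.

```python
import hashlib
import re
import sys
from typing import Dict, List

# IOCs copied from the report above for the Cleaner.exe target.
CLEANER_EXE_HASHES = {
    "md5": "00b50ac019d337a11d626cb5e48931a3",
    "sha1": "fab828f25f492a1a8f6e8f112f95daf5fb7ba209",
    "sha256": "bf5ed21104c2406217f2629ea5dac416172e4f7019817ae9fe81d5925c656936",
}
KNOWN_WEBHOOK = (
    "https://discord.com/api/webhooks/1217519421250342985/"
    "wTHwTr2HvqdRl0zSHT1a0jS_RD4Y-Z8kMqRtUmJ8tdfV_S_5tVJEK5bR8klGY17fXqgf"
)

# Discord webhook shape: /api/webhooks/<numeric id>/<url-safe token>. The host
# alternatives (discordapp.com, ptb/canary subdomains) are my assumption about
# what an operator might use; the report only shows discord.com.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Hex digests in the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_iocs(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison of a file's digests against reported IOCs."""
    actual = hash_bytes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def extract_webhooks(data: bytes) -> List[str]:
    """Carve unique Discord webhook URLs from raw file bytes.

    Three views of the same bytes are searched: a byte-for-byte (latin-1) view
    for ASCII strings, and two UTF-16LE decodings starting at offsets 0 and 1,
    so a managed string lands on the right alignment in at least one of them.
    errors="ignore" keeps binary junk from aborting the decode.
    """
    views = [
        data.decode("latin-1"),
        data.decode("utf-16-le", errors="ignore"),
        data[1:].decode("utf-16-le", errors="ignore"),
    ]
    found: List[str] = []
    for text in views:
        for m in WEBHOOK_RE.finditer(text):
            if m.group(0) not in found:
                found.append(m.group(0))
    return found


def build_constructed_sample() -> bytes:
    """Constructed stand-in for a stealer binary (not real malware bytes).

    Layout: a fake MZ header, a decoy URL whose id is non-numeric (must not
    match), then the report's webhook stored as UTF-16LE at an odd offset.
    """
    prefix = b"MZ" + b"\x00" * 60                      # 62 bytes, even
    decoy = b"https://discord.com/api/webhooks/notanid/token\x00"  # 47 bytes -> odd total
    return prefix + decoy + KNOWN_WEBHOOK.encode("utf-16-le") + b"\x00\x00" + b"\xff" * 16


if __name__ == "__main__":
    # Usage: python triage_umbral.py <file>; with no argument the constructed
    # sample is analysed instead, which will (correctly) fail the hash check.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_constructed_sample()
    for algo, ok in matches_iocs(blob, CLEANER_EXE_HASHES).items():
        print(f"{algo}: {'MATCH' if ok else 'no match'}")
    for url in extract_webhooks(blob):
        flag = " (matches reported C2)" if url == KNOWN_WEBHOOK else ""
        print(f"webhook: {url}{flag}")
```

Run it against the unpacked Cleaner.exe to confirm both the hashes and that the reported webhook is present in the binary; a hash mismatch with the same webhook present is worth noting, since it indicates a rebuilt payload reusing the same exfiltration channel.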