General

  • Target

    Unban Global HWID.rar

  • Size

    18.4MB

  • Sample

    240327-am4pnaff39

  • MD5

    c1fcc97958bde970193f623243108df6

  • SHA1

    ec4cdd086f04bcb6b091f0fb1a4d0285d9800321

  • SHA256

    6a251f9c14224d9a95d4136b58b6819a42976af48edfd23397db6caa5292b9b5

  • SHA512

    8fb2f765ba4bd153792305751b921789a737db0cb777e5dece3ff9be12f5cb1e8262976975b0fa6485e4aef77e3769816b3f24c30c3243bbdae744d139f04aeb

  • SSDEEP

    393216:TOrxj/TQDQIfk1rci/hhLLI+sWpZFpjFFc4jDQ6d:Toxj8E1r3hzTF7nDL

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1217519421250342985/wTHwTr2HvqdRl0zSHT1a0jS_RD4Y-Z8kMqRtUmJ8tdfV_S_5tVJEK5bR8klGY17fXqgf

Targets

    • Target

      Unban Global HWID/Cleaner.exe

    • Size

      229KB

    • MD5

      00b50ac019d337a11d626cb5e48931a3

    • SHA1

      fab828f25f492a1a8f6e8f112f95daf5fb7ba209

    • SHA256

      bf5ed21104c2406217f2629ea5dac416172e4f7019817ae9fe81d5925c656936

    • SHA512

      8fab8f9fe41049a725df6bf275cf2f8e121c048f20f1608534d7118770ce096242481af1f38fb0ede9e34c8808e45bee80dfa06424a604544c10688e31610000

    • SSDEEP

      6144:lloZMCrIkd8g+EtXHkv/iD4p5NZf9rI8j667NokRg9/b8e1myi:noZZL+EP8pnZf9rI8j667NokRss

    Score
    10/10

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks