General
Target: mw3loader.exe
Size: 227KB
Sample: 240405-29fpwsfb99
MD5: 4c8071eac3e759a8d31d887cefd6a13e
SHA1: 3931ad556f63a7afe07d01f0193154fee4587b5c
SHA256: 13dbfe8753d896c070bc48d6b4b07f76a8e34a9d949f855fb6e810197764f4bf
SHA512: 31b621a3dccc6d6b024c432c453da26caa0ad6f81f72d77c9bdb35c16522d3f101f7114106a735e738213adf264f0aaf00b1fe3217065f6d884acb32ddf86754
SSDEEP: 6144:eloZM9rIkd8g+EtXHkv/iD44PCKSGELnsDd42X3Wh2b8e1mni:IoZOL+EP8qCKSGELnsDd42X3Wsl
Malware Config
Extracted family: umbral
Discord webhook (exfiltration/C2 channel): https://discord.com/api/webhooks/1225939299975823531/hi0KA2iXCI7FLYDopNjuDcU-fNzEE5HRr3DcqtzH_qLfrS6w9VE06rGOJ_zaplYx7d5X
The token in the path is what authorises posts to this webhook, so the full URL (webhook id 1225939299975823531 plus token) is the indicator to record and block; the host discord.com on its own is not a useful indicator.
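Added example for the config above: a small static extractor that finds Discord webhook URLs in a sample's raw bytes, splits them into webhook id and token, and checks a local file against the hashes and webhook in this report. It is not Triage's extractor and not Umbral code. One assumption not stated in the report: Umbral is a .NET stealer, so its string constants sit in the UTF-16LE user-string heap, which is why both ASCII and UTF-16LE runs are searched. SAMPLE is a constructed stand-in buffer, not the real mw3loader.exe.

```python
"""Pull Discord webhook URLs out of a sample's raw bytes and check it against this report.

Added example; not Triage's config extractor and not Umbral code.
Assumption (not stated in the report): the sample is .NET, so string constants are
stored UTF-16LE; both ASCII and UTF-16LE runs are searched. SAMPLE is constructed.
"""
import hashlib
import re
from typing import Dict, List

# Values copied from the report.
REPORTED_SHA256 = "13dbfe8753d896c070bc48d6b4b07f76a8e34a9d949f855fb6e810197764f4bf"
REPORTED_WEBHOOK = (
    "https://discord.com/api/webhooks/1225939299975823531/"
    "hi0KA2iXCI7FLYDopNjuDcU-fNzEE5HRr3DcqtzH_qLfrS6w9VE06rGOJ_zaplYx7d5X"
)

# Discord webhook URL: numeric snowflake id, then a URL-safe token (68 chars in this sample).
_WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{50,100})"
)
_ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
_UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")  # printable ASCII stored as UTF-16LE


def printable_strings(data: bytes) -> List[str]:
    """Equivalent of `strings` for both 8-bit and UTF-16LE text."""
    out = [m.group().decode("ascii") for m in _ASCII_RUN.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in _UTF16_RUN.finditer(data)]
    return out


def extract_webhooks(data: bytes) -> List[Dict[str, str]]:
    """Unique webhook URLs found in `data`, split into the fields an IOC record needs."""
    found: List[Dict[str, str]] = []
    seen = set()
    for s in printable_strings(data):
        for m in _WEBHOOK_RE.finditer(s):
            url = m.group(0)
            if url in seen:
                continue
            seen.add(url)
            found.append({"url": url, "webhook_id": m.group(1), "token": m.group(2)})
    return found


def hashes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 of the file, for comparing a local copy with the report's values."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def is_reported_sample(data: bytes) -> bool:
    return hashes(data)["sha256"] == REPORTED_SHA256


def has_reported_webhook(data: bytes) -> bool:
    return any(h["url"] == REPORTED_WEBHOOK for h in extract_webhooks(data))


# Constructed stand-in: a decoy ASCII Discord API URL that is not a webhook, then the
# reported webhook stored UTF-16LE the way a .NET string constant would be.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"https://discord.com/api/v10/users/@me\x00\x00"
    + REPORTED_WEBHOOK.encode("utf-16-le")
    + b"\x00\x00" + b"\xff" * 8
)

if __name__ == "__main__":
    for h in extract_webhooks(SAMPLE):
        print(h["webhook_id"], h["url"])
    print("matches report sha256:", is_reported_sample(SAMPLE))
```

Run it against a real copy of the file by replacing SAMPLE with `open(path, "rb").read()`; `is_reported_sample` confirms you are looking at the same binary as this report before you trust the extracted webhook.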
Targets
Target: mw3loader.exe (227KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures matched for this target:
- Detect Umbral payload
- Drops file in Drivers directory (the report does not name the dropped file)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
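Added detection example for the two network behaviours listed above (external IP lookup via a web service, and a legitimate hosting service abused as a C2 channel), written here for this report; it is not Triage's signature logic and not code from the sample. The proxy log format, the log lines and the list of IP-lookup hosts are constructed assumptions; the only value taken from the report is the webhook id 1225939299975823531.

```python
"""Correlate external-IP lookups with Discord webhook POSTs in proxy logs.

Added detection example for the behaviours this report lists; not Triage's
signature logic and not Umbral code. Log format, sample lines and the set of
IP-lookup hosts are assumptions made for the example.
"""
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional

# Assumed list of public IP-echo services; the report does not say which one the sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io", "checkip.amazonaws.com"}
DISCORD_HOSTS = {"discord.com", "discordapp.com", "ptb.discord.com", "canary.discord.com"}
WEBHOOK_PREFIX = "/api/webhooks/"
# Webhook id taken from this report's Malware Config section.
KNOWN_WEBHOOK_IDS = {"1225939299975823531"}


class Event(NamedTuple):
    ts: datetime
    src: str
    method: str
    host: str
    path: str


def parse_line(line: str) -> Event:
    """Assumed proxy log format: '<ISO timestamp> <client ip> <METHOD> <host> <path>'."""
    ts, src, method, host, path = line.split(maxsplit=4)
    return Event(datetime.fromisoformat(ts), src, method.upper(), host.lower(), path)


def webhook_id(ev: Event) -> Optional[str]:
    """Webhook snowflake id if the event is a POST to a Discord webhook, else None."""
    if ev.method != "POST" or ev.host not in DISCORD_HOSTS or not ev.path.startswith(WEBHOOK_PREFIX):
        return None
    parts = ev.path[len(WEBHOOK_PREFIX):].split("/")
    return parts[0] if parts and parts[0].isdigit() else None


def detect(lines: List[str], window: timedelta = timedelta(minutes=5)) -> List[Dict[str, str]]:
    """One alert per source host that posts to a Discord webhook.

    Severity is 'high' when the webhook id is a known IOC, or when the POST follows an
    external-IP lookup from the same host within `window` (the stealer's own ordering:
    look up the victim IP, then report it); otherwise 'medium'. Lookups with no webhook
    POST are deliberately ignored because on their own they are far too noisy.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.ts)
    last_lookup: Dict[str, datetime] = {}
    alerts: Dict[str, Dict[str, str]] = {}
    for ev in events:
        if ev.host in IP_LOOKUP_HOSTS:
            last_lookup[ev.src] = ev.ts
            continue
        wid = webhook_id(ev)
        if wid is None:
            continue
        if wid in KNOWN_WEBHOOK_IDS:
            sev, why = "high", f"POST to known Umbral webhook id {wid}"
        elif ev.src in last_lookup and ev.ts - last_lookup[ev.src] <= window:
            sev, why = "high", f"external-IP lookup followed by webhook POST within {window}"
        else:
            sev, why = "medium", "POST to Discord webhook"
        prev = alerts.get(ev.src)
        if prev is None or (prev["severity"] == "medium" and sev == "high"):
            alerts[ev.src] = {"src": ev.src, "severity": sev, "reason": why, "webhook_id": wid}
    return [alerts[k] for k in sorted(alerts)]


# Constructed log lines: known IOC, lookup-then-unknown-webhook, lone webhook, benign Discord, lone lookup.
SAMPLE_LOG = """\
2024-04-05T10:01:02 10.0.0.7 GET api.ipify.org /?format=json
2024-04-05T10:01:05 10.0.0.7 POST discord.com /api/webhooks/1225939299975823531/hi0KA2iXCI7FLYDopNjuDcU-fNzEE5HRr3DcqtzH_qLfrS6w9VE06rGOJ_zaplYx7d5X
2024-04-05T10:02:00 10.0.0.9 GET discord.com /channels/@me
2024-04-05T10:03:00 10.0.0.12 GET icanhazip.com /
2024-04-05T10:03:04 10.0.0.12 POST discord.com /api/webhooks/111122223333444455/xyz
2024-04-05T11:30:00 10.0.0.21 POST discordapp.com /api/webhooks/999988887777666655/abc
2024-04-05T11:31:00 10.0.0.30 GET ipinfo.io /json
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["severity"], alert["src"], alert["reason"])
```

The correlation step is what separates this from a plain host-match rule: a Discord webhook POST by itself is common on a workstation, but a webhook POST a few seconds after an IP-echo request is the exact sequence the report's two signatures describe.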