General

  • Target

    mw3loader.exe

  • Size

    227KB

  • Sample

    240405-29fpwsfb99

  • MD5

    4c8071eac3e759a8d31d887cefd6a13e

  • SHA1

    3931ad556f63a7afe07d01f0193154fee4587b5c

  • SHA256

    13dbfe8753d896c070bc48d6b4b07f76a8e34a9d949f855fb6e810197764f4bf

  • SHA512

    31b621a3dccc6d6b024c432c453da26caa0ad6f81f72d77c9bdb35c16522d3f101f7114106a735e738213adf264f0aaf00b1fe3217065f6d884acb32ddf86754

  • SSDEEP

    6144:eloZM9rIkd8g+EtXHkv/iD44PCKSGELnsDd42X3Wh2b8e1mni:IoZOL+EP8qCKSGELnsDd42X3Wsl

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1225939299975823531/hi0KA2iXCI7FLYDopNjuDcU-fNzEE5HRr3DcqtzH_qLfrS6w9VE06rGOJ_zaplYx7d5X

Targets

    • Target

      mw3loader.exe

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials and other profile contents.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Discord webhook URL, so exfiltration traffic goes to discord.com rather than to attacker-owned infrastructure.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
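The two network behaviours above (Discord webhook C2 and an external-IP lookup) are the most actionable indicators on this report. The following Python helper is an added example, not part of the Triage report and not Umbral's or Triage's code. It does two things a responder typically needs: extract Discord webhook URLs from a sample or memory dump, scanning both ASCII and UTF-16LE runs because a C# binary keeps its string literals as UTF-16LE, and flag proxy log lines that hit a webhook path or a "what is my IP" service while leaving ordinary discord.com browsing alone. The webhook URL is the one extracted on this page; the sample blob, the proxy log lines, their column layout and the list of IP-lookup hosts are constructed for the example (the page does not say which lookup service the sample uses).

```python
"""Hunting helpers for the Umbral indicators above (added example, not the report's code)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Webhook URL as extracted on this page; reused here as test input.
SAMPLE_C2 = ("https://discord.com/api/webhooks/1225939299975823531/"
             "hi0KA2iXCI7FLYDopNjuDcU-fNzEE5HRr3DcqtzH_qLfrS6w9VE06rGOJ_zaplYx7d5X")

# Discord webhook URL: numeric snowflake ID, then a long URL-safe token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([\w-]{50,})")

# Printable-string runs, as `strings` and `strings -el` would find them. A C# binary stores
# its literals in the #US heap as UTF-16LE, so an ASCII-only scan can miss the C2 entirely.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")

# Constructed stand-in for a .NET binary (not the real sample): the C2 is embedded as UTF-16LE.
SAMPLE_BLOB = (b"MZ\x90\x00" + b"\x00" * 32 + b"#Strings\x00" + b"\x00" * 8
               + SAMPLE_C2.encode("utf-16-le") + b"\x00\x00" + b"\x00" * 16
               + b"User-Agent: Mozilla/5.0\x00")


@dataclass(frozen=True)
class Webhook:
    url: str
    webhook_id: str  # Discord snowflake; the identifier to quote in a takedown request
    token: str
    encoding: str    # which scan found it: "ascii" or "utf-16-le"


def extract_strings(data: bytes):
    """Yield (text, encoding) for every ASCII and UTF-16LE printable run in data."""
    for m in ASCII_RUN.finditer(data):
        yield m.group().decode("ascii"), "ascii"
    for m in WIDE_RUN.finditer(data):
        yield m.group().decode("utf-16-le"), "utf-16-le"


def find_webhooks(data: bytes) -> list[Webhook]:
    """Return the distinct Discord webhook URLs embedded in a file or memory dump."""
    found: dict[str, Webhook] = {}
    for text, enc in extract_strings(data):
        for m in WEBHOOK_RE.finditer(text):
            found.setdefault(m.group(0), Webhook(m.group(0), m.group(1), m.group(2), enc))
    return list(found.values())


# Constructed proxy log lines (not from the page): time endpoint user method url status.
SAMPLE_PROXY_LOG = [
    "2024-04-05T12:00:01Z WS-042 alice GET https://www.microsoft.com/en-us/ 200",
    "2024-04-05T12:00:03Z WS-042 alice GET https://api.ipify.org/ 200",
    "2024-04-05T12:00:04Z WS-042 alice POST " + SAMPLE_C2 + " 204",
    "2024-04-05T12:00:09Z WS-017 bob GET https://discord.com/channels/@me 200",
]

# Illustrative list of public IP-lookup services; the page does not name the one Umbral uses.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
                   "ifconfig.me", "checkip.amazonaws.com"}


def triage_proxy_log(lines: list[str]) -> list[tuple[str, str, str]]:
    """Flag (endpoint, user, reason) for lines matching the two network behaviours.

    Ordinary discord.com browsing is not flagged: only the /api/webhooks/ path is C2.
    """
    hits = []
    for line in lines:
        _ts, endpoint, user, _method, url, _status = line.split()
        host = (urlparse(url).hostname or "").lower()
        if WEBHOOK_RE.search(url):
            hits.append((endpoint, user, "discord-webhook-c2"))
        elif host in IP_LOOKUP_HOSTS:
            hits.append((endpoint, user, "external-ip-lookup"))
    return hits


def correlate(hits: list[tuple[str, str, str]]) -> list[str]:
    """Endpoints showing both behaviours; the pair is a stronger stealer signal than either alone."""
    seen: dict[str, set[str]] = {}
    for endpoint, _user, reason in hits:
        seen.setdefault(endpoint, set()).add(reason)
    return sorted(e for e, r in seen.items()
                  if {"discord-webhook-c2", "external-ip-lookup"} <= r)


if __name__ == "__main__":
    for hook in find_webhooks(SAMPLE_BLOB):
        print(f"webhook id={hook.webhook_id} found as {hook.encoding}")
    print(triage_proxy_log(SAMPLE_PROXY_LOG))
    print("endpoints with both behaviours:", correlate(triage_proxy_log(SAMPLE_PROXY_LOG)))
```

Run it against a real file with `find_webhooks(open(path, "rb").read())`; the `encoding` field tells you whether an ASCII-only `strings` pass would have found the C2. The webhook ID and token are exactly what Discord needs to delete the webhook, which kills this sample's exfiltration channel without touching the infected host.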

MITRE ATT&CK Enterprise v15

Tasks