General
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1228830370326249553/1228830718818517103/KrampusCrk-ByAnt4c.rar?ex=662d78c9&is=661b03c9&hm=356a4c85bed61285b3230317537cc823ce0d2f891d20b00421d416b0cda0b87e&
Resource: win10v2004-20240412-en (windows10-2004-x64)
21 signatures
150 seconds
Malware Config
Extracted
Family: umbral
C2: https://discord.com/api/webhooks/1227683059114049609/J-NRozb82rWMygV4-7Yy0RMllueaLQzhGa-3Da0fHcUN49PnTuKYn0Czl7gR_VfWxkpx
Targets
Target: https://cdn.discordapp.com/attachments/1228830370326249553/1228830718818517103/KrampusCrk-ByAnt4c.rar?ex=662d78c9&is=661b03c9&hm=356a4c85bed61285b3230317537cc823ce0d2f891d20b00421d416b0cda0b87e&
- Detect Umbral payload
- Drops file in Drivers directory
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.