General
-
Target
ClientBetaNew.exe
-
Size
229KB
-
Sample
240415-s3a2dscb9s
-
MD5
e7fca17393a9f4cb9ccb2f65fc2bb214
-
SHA1
cef26fa30e3f68d85ab923beecc0cd0dbfa2a720
-
SHA256
499282fecf90d5dcdf2b01ca4413c37477ec17b6068b43300dfeaefa1fb50978
-
SHA512
303fe673e0d12410010971fb15ae58751948a7e0fb559e97acf5c73df0a7987dc8d423d59ebdfdfee79ef2696795ecf78543dcb74bebf6073a65229a2d24b80a
-
SSDEEP
6144:9loZM+rIkd8g+EtXHkv/iD4rzQumkrHM99YW3X2gyb8e1mtzi:foZtL+EP8rzQumkrHM99YW3X23Ie
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1228961158032261151/x5bALpkiKWNhez1S3tpx6EU3KWmw4QhC3ZYLfNmj5sJalr62XbwIXFICAAfVJYroxbhu
Targets
-
-
Target
ClientBetaNew.exe
-
Size
229KB
-
MD5
e7fca17393a9f4cb9ccb2f65fc2bb214
-
SHA1
cef26fa30e3f68d85ab923beecc0cd0dbfa2a720
-
SHA256
499282fecf90d5dcdf2b01ca4413c37477ec17b6068b43300dfeaefa1fb50978
-
SHA512
303fe673e0d12410010971fb15ae58751948a7e0fb559e97acf5c73df0a7987dc8d423d59ebdfdfee79ef2696795ecf78543dcb74bebf6073a65229a2d24b80a
-
SSDEEP
6144:9loZM+rIkd8g+EtXHkv/iD4rzQumkrHM99YW3X2gyb8e1mtzi:foZtL+EP8rzQumkrHM99YW3X23Ie
-
Detect Umbral payload
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-