Resubmissions

15-04-2024 16:39

240415-t5y2nsba78 10

15-04-2024 16:36

240415-t4jwcsba49 10

General

  • Target

    Velonity.exe

  • Size

    1.2MB

  • Sample

    240415-t4jwcsba49

  • MD5

    acfe7dcbe9723382722bcdf52bbb73e8

  • SHA1

    b60644750f40d2ee4052c8e6dd588ad99288bc6f

  • SHA256

    455784b6d8edafa34ac88e20d2ca34a8e26d6ae8c89fc77875c856feab347ef3

  • SHA512

    841e20a08f6c59c3162a3fd4e6d44276c0025c7cc75261e481c21a4b4df629c5d603c4bda3d6f927ac24186d4a3fd162ec5e2d05c97528b37e8cf9efc4d530cb

  • SSDEEP

    24576:vDM2Ny922wrKSFocmJgYV1lJ544YcRgbJhf1foTh9ZCLzAxy+7:rzeEWSFoDg45gbJ30h9ZJy

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1226889417617309827/aGM_hNDP-J3NT9u8SNSCocRMlBp_FCEGgjkp6sBXd1GO8FD5GFf_AHKBNovo138ckADt

Targets

    • Target

      Velonity.exe

    • Size

      1.2MB

    • MD5

      acfe7dcbe9723382722bcdf52bbb73e8

    • SHA1

      b60644750f40d2ee4052c8e6dd588ad99288bc6f

    • SHA256

      455784b6d8edafa34ac88e20d2ca34a8e26d6ae8c89fc77875c856feab347ef3

    • SHA512

      841e20a08f6c59c3162a3fd4e6d44276c0025c7cc75261e481c21a4b4df629c5d603c4bda3d6f927ac24186d4a3fd162ec5e2d05c97528b37e8cf9efc4d530cb

    • SSDEEP

      24576:vDM2Ny922wrKSFocmJgYV1lJ544YcRgbJhf1foTh9ZCLzAxy+7:rzeEWSFoDg45gbJ30h9ZJy

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks