General
Target: Velonity.exe
Size: 1.2MB
Sample: 240415-t5y2nsba78
MD5: acfe7dcbe9723382722bcdf52bbb73e8
SHA1: b60644750f40d2ee4052c8e6dd588ad99288bc6f
SHA256: 455784b6d8edafa34ac88e20d2ca34a8e26d6ae8c89fc77875c856feab347ef3
SHA512: 841e20a08f6c59c3162a3fd4e6d44276c0025c7cc75261e481c21a4b4df629c5d603c4bda3d6f927ac24186d4a3fd162ec5e2d05c97528b37e8cf9efc4d530cb
SSDEEP: 24576:vDM2Ny922wrKSFocmJgYV1lJ544YcRgbJhf1foTh9ZCLzAxy+7:rzeEWSFoDg45gbJ30h9ZJy
Static task: static1
Behavioral task: behavioral1
Sample: Velonity.exe
Resource: win7-20240221-en
Malware Config
Extracted: umbral
https://discord.com/api/webhooks/1226889417617309827/aGM_hNDP-J3NT9u8SNSCocRMlBp_FCEGgjkp6sBXd1GO8FD5GFf_AHKBNovo138ckADt
Targets
Target: Velonity.exe
- Detect Umbral payload
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger