General

  • Target

    ClientBetaNew.exe

  • Size

    229KB

  • Sample

    240415-vdcj2ade4w

  • MD5

    e7fca17393a9f4cb9ccb2f65fc2bb214

  • SHA1

    cef26fa30e3f68d85ab923beecc0cd0dbfa2a720

  • SHA256

    499282fecf90d5dcdf2b01ca4413c37477ec17b6068b43300dfeaefa1fb50978

  • SHA512

    303fe673e0d12410010971fb15ae58751948a7e0fb559e97acf5c73df0a7987dc8d423d59ebdfdfee79ef2696795ecf78543dcb74bebf6073a65229a2d24b80a

  • SSDEEP

    6144:9loZM+rIkd8g+EtXHkv/iD4rzQumkrHM99YW3X2gyb8e1mtzi:foZtL+EP8rzQumkrHM99YW3X23Ie

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1228961158032261151/x5bALpkiKWNhez1S3tpx6EU3KWmw4QhC3ZYLfNmj5sJalr62XbwIXFICAAfVJYroxbhu

Targets

    • Target

      ClientBetaNew.exe

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks