General
-
Target
Output.exe
-
Size
242KB
-
Sample
240418-3sgrasad24
-
MD5
5ecf28e4f6ce599e9089a4676cc13835
-
SHA1
26f56dc0adffedb0c74354d92ca2955bd57ec8c4
-
SHA256
1fbf2a24e1c9a5651b0c552a4b309fcb6b111acf46eaa14fbdb0c4ab9ecdd0dc
-
SHA512
16f71608f838ae826d4a1d8a90c06d6342edacd2832d16f5864c6eb38b1b1930c67d03c03391d0bb3a12e3236b6c75344a7193a639317d06dc71e29979639711
-
SSDEEP
6144:JfPHgrLx2sS6RCAa9jcBX71BCAIGDE040FX1:RHgr0sS6RCjhc91BrIV01
Static task
static1
Malware Config
Targets
-
-
Target
Output.exe
-
Detect Umbral payload
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-