General

  • Target

    Output.exe

  • Size

    242KB

  • Sample

    240418-3sgrasad24

  • MD5

    5ecf28e4f6ce599e9089a4676cc13835

  • SHA1

    26f56dc0adffedb0c74354d92ca2955bd57ec8c4

  • SHA256

    1fbf2a24e1c9a5651b0c552a4b309fcb6b111acf46eaa14fbdb0c4ab9ecdd0dc

  • SHA512

    16f71608f838ae826d4a1d8a90c06d6342edacd2832d16f5864c6eb38b1b1930c67d03c03391d0bb3a12e3236b6c75344a7193a639317d06dc71e29979639711

  • SSDEEP

    6144:JfPHgrLx2sS6RCAa9jcBX71BCAIGDE040FX1:RHgr0sS6RCjhc91BrIV01

Score
10/10

Malware Config

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
