General
-
Target
mechanica.exe
-
Size
235KB
-
Sample
240419-fab2rsha79
-
MD5
c0e8a2ef061d2da5952f7012a2284150
-
SHA1
820e883e45b719c5408b557ddb68435f72587876
-
SHA256
735ce0dc54202d20fe97e8849619dcbdb676263f702176f538059926f98a8054
-
SHA512
bcf5da34b1a480311d84de187401163500a6a93c06f569713429c8230421ef39121824fbaa25d97fecb3fedcafc161f0a31c94ce1f4aba02ed830d937ef8bb1c
-
SSDEEP
6144:zloZM+rIkd8g+EtXHkv/iD4rXcqAmB5K5/Cwhl0Ktb8e1mO6i:xoZtL+EP8rXcqAmB5K5/Cwhl0Ov
Behavioral task
behavioral1
Sample
mechanica.exe
Resource
win10-20240404-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1230737744674689205/bvVoK3_nMVfUC-SWOFZJpeIl8ie0Fxtq0ZkIS_qQ8DqRiUACtvbeX0x7WuxX5ve2rgex
Targets
-
-
Target
mechanica.exe
-
Size
235KB
-
MD5
c0e8a2ef061d2da5952f7012a2284150
-
SHA1
820e883e45b719c5408b557ddb68435f72587876
-
SHA256
735ce0dc54202d20fe97e8849619dcbdb676263f702176f538059926f98a8054
-
SHA512
bcf5da34b1a480311d84de187401163500a6a93c06f569713429c8230421ef39121824fbaa25d97fecb3fedcafc161f0a31c94ce1f4aba02ed830d937ef8bb1c
-
SSDEEP
6144:zloZM+rIkd8g+EtXHkv/iD4rXcqAmB5K5/Cwhl0Ktb8e1mO6i:xoZtL+EP8rXcqAmB5K5/Cwhl0Ov
-
Detect Umbral payload
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-