General

  • Target

    stealer v2.exe

  • Size

    678KB

  • Sample

    240422-q6n2bacd2z

  • MD5

    942c8ba962017c3f597a54c44c9f57be

  • SHA1

    bc06cee1fc7c218fe0732f6e13c95cb141fd3b2d

  • SHA256

    fe9b415107f164c76a286b93f647b0501fb83e4dd7f839ab7fec9639c55084ae

  • SHA512

    dee865eca7a6a206c1b197e711494118e6fb696ea3497971ea50222550202eb062d30d49f1814c57d80756fc4cb4c340119a65c895acc9f54f6c1c3820517de8

  • SSDEEP

    12288:Riny90J6VGAQWUJFRjynsW+xUid6IeJO70Nv9cpzolz/:RoyJCNJFlysPd6RJOC4zolz/

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1231373922524598342/SZ4ChwOih600qv0UuiVxKSVU3wzAKLa2uHxdzmR7pdCC3h5QB7aPcVnGRyY3wZSRS0VF

Targets

    • Target

      stealer v2.exe

    • Size

      678KB

    • MD5

      942c8ba962017c3f597a54c44c9f57be

    • SHA1

      bc06cee1fc7c218fe0732f6e13c95cb141fd3b2d

    • SHA256

      fe9b415107f164c76a286b93f647b0501fb83e4dd7f839ab7fec9639c55084ae

    • SHA512

      dee865eca7a6a206c1b197e711494118e6fb696ea3497971ea50222550202eb062d30d49f1814c57d80756fc4cb4c340119a65c895acc9f54f6c1c3820517de8

    • SSDEEP

      12288:Riny90J6VGAQWUJFRjynsW+xUid6IeJO70Nv9cpzolz/:RoyJCNJFlysPd6RJOC4zolz/

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks