General
-
Target
stealer v2.exe
-
Size
678KB
-
Sample
240422-q6n2bacd2z
-
MD5
942c8ba962017c3f597a54c44c9f57be
-
SHA1
bc06cee1fc7c218fe0732f6e13c95cb141fd3b2d
-
SHA256
fe9b415107f164c76a286b93f647b0501fb83e4dd7f839ab7fec9639c55084ae
-
SHA512
dee865eca7a6a206c1b197e711494118e6fb696ea3497971ea50222550202eb062d30d49f1814c57d80756fc4cb4c340119a65c895acc9f54f6c1c3820517de8
-
SSDEEP
12288:Riny90J6VGAQWUJFRjynsW+xUid6IeJO70Nv9cpzolz/:RoyJCNJFlysPd6RJOC4zolz/
Static task
static1
Behavioral task
behavioral1
Sample
stealer v2.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
stealer v2.exe
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
stealer v2.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
stealer v2.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
stealer v2.exe
Resource
win11-20240412-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1231373922524598342/SZ4ChwOih600qv0UuiVxKSVU3wzAKLa2uHxdzmR7pdCC3h5QB7aPcVnGRyY3wZSRS0VF
Targets
-
-
Target
stealer v2.exe
-
Size
678KB
-
MD5
942c8ba962017c3f597a54c44c9f57be
-
SHA1
bc06cee1fc7c218fe0732f6e13c95cb141fd3b2d
-
SHA256
fe9b415107f164c76a286b93f647b0501fb83e4dd7f839ab7fec9639c55084ae
-
SHA512
dee865eca7a6a206c1b197e711494118e6fb696ea3497971ea50222550202eb062d30d49f1814c57d80756fc4cb4c340119a65c895acc9f54f6c1c3820517de8
-
SSDEEP
12288:Riny90J6VGAQWUJFRjynsW+xUid6IeJO70Nv9cpzolz/:RoyJCNJFlysPd6RJOC4zolz/
Score10/10-
Detect Umbral payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-