General

  • Target

    NetflixCE.exe

  • Size

    228KB

  • Sample

    240423-yh4qvsbc97

  • MD5

    07d06d04c3094604382fa3d66c6bc5de

  • SHA1

    4ecde9567e8592f121bed011c12c920dc32f431b

  • SHA256

    46d2d186cc16096c591ec5374de36c4d0c4fceb024f4f602e3c9d6df20a1a676

  • SHA512

    f7c82984984ed922dafff7ea6e6ea70c1caca3d6e4e4539209a6974a5bb8cdb8e9bdb4cb2faaa01e9af8a5e24543ceddae49d569a5e1f59a3ce80e9326b09d50

  • SSDEEP

    6144:+loZM+rIkd8g+EtXHkv/iD4G1x+cCFdWdj+ctBIYlb8e1mCc7i:ooZtL+EP8G1x+cCFdWdj+ctBI00W

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1232389230211371039/nONf5XEIRu2G2diXGoICrdJUmKxgbQLYScVNbWdXlrpLKSBuMxg68Cb7QYJPNyp-4O-t

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks