General
-
Target
NetflixCE.exe
-
Size
228KB
-
Sample
240423-yh4qvsbc97
-
MD5
07d06d04c3094604382fa3d66c6bc5de
-
SHA1
4ecde9567e8592f121bed011c12c920dc32f431b
-
SHA256
46d2d186cc16096c591ec5374de36c4d0c4fceb024f4f602e3c9d6df20a1a676
-
SHA512
f7c82984984ed922dafff7ea6e6ea70c1caca3d6e4e4539209a6974a5bb8cdb8e9bdb4cb2faaa01e9af8a5e24543ceddae49d569a5e1f59a3ce80e9326b09d50
-
SSDEEP
6144:+loZM+rIkd8g+EtXHkv/iD4G1x+cCFdWdj+ctBIYlb8e1mCc7i:ooZtL+EP8G1x+cCFdWdj+ctBI00W
Behavioral task
behavioral1
Sample
NetflixCE.exe
Resource
win7-20240221-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1232389230211371039/nONf5XEIRu2G2diXGoICrdJUmKxgbQLYScVNbWdXlrpLKSBuMxg68Cb7QYJPNyp-4O-t
Targets
-
-
Target
NetflixCE.exe
-
Size
228KB
-
MD5
07d06d04c3094604382fa3d66c6bc5de
-
SHA1
4ecde9567e8592f121bed011c12c920dc32f431b
-
SHA256
46d2d186cc16096c591ec5374de36c4d0c4fceb024f4f602e3c9d6df20a1a676
-
SHA512
f7c82984984ed922dafff7ea6e6ea70c1caca3d6e4e4539209a6974a5bb8cdb8e9bdb4cb2faaa01e9af8a5e24543ceddae49d569a5e1f59a3ce80e9326b09d50
-
SSDEEP
6144:+loZM+rIkd8g+EtXHkv/iD4G1x+cCFdWdj+ctBIYlb8e1mCc7i:ooZtL+EP8G1x+cCFdWdj+ctBI00W
-
Detect Umbral payload
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-