General

  • Target

    https://cdn.discordapp.com/attachments/1231358831897088012/1233516767071043655/Umbral.exe?ex=662d6182&is=662c1002&hm=a3eca0624bde300b165073c384e80ff117d134e4eeaf365cc1ea0ae1329c9648&

  • Sample

    240426-zd5m2abg32

Score
10/10

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1231358831897088012/1233516767071043655/Umbral.exe?ex=662d6182&is=662c1002&hm=a3eca0624bde300b165073c384e80ff117d134e4eeaf365cc1ea0ae1329c9648&

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Downloads MZ/PE file

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks