Resubmissions

27-04-2024 22:30

240427-2faxjsac8z 10

27-04-2024 22:14

240427-15m3qshf69 10

General

  • Target

    immortal.bin.exe

  • Size

    1.1MB

  • Sample

    240427-15m3qshf69

  • MD5

    9e511d399fbc2bf0c2d45302dc62be61

  • SHA1

    3100c1c0c5f98b1a7bccef0cdcfde6b34e38992b

  • SHA256

    ce8f179e7e29d4f28f1c5039808e82c198264183166069d8ad567f63275c74a8

  • SHA512

    7e4560bd6e76d181b47f44eca0a7195cb905e852ed2a94308cad57576a16c62335256978c73ddac275d736423c5c6a9a4eed648090847ee80e8183be77c04486

  • SSDEEP

    24576:fO29aTBMPYvJnXAvKhO7CMbNdCrty7ARVJ3g6cbhbZxvI:G29adQt3CrtWQcb3xv

Score
10/10

Malware Config

Targets

    • Target

      immortal.bin.exe (hashes as listed under General above)

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (1) T1012

  • System Information Discovery (2) T1082

Command and Control

  • Web Service (1) T1102

Tasks