Resubmissions

28-04-2024 10:07

240428-l52hssde21 10

28-04-2024 10:07

240428-l5nlyade2t 1

28-04-2024 09:45

240428-lq7fhadb5t 7

General

  • Target

    https://github.com/Blank-c/Umbral-Stealer

  • Sample

    240428-l52hssde21

Malware Config

Extracted

Family

umbral

C2

https://www.discord.com/api/webhooks/1223320157972332705/nOvJjF9hRSjecUTLGgLxqqWMB89V8brmaN56EMwZ1dLtayUijDG-AXAPiYwm1Fn14xbw

Targets

    • Target

      https://github.com/Blank-c/Umbral-Stealer

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks