General
-
Target
Baff-Client.exe
-
Size
2.5MB
-
Sample
240430-wwtrpsee96
-
MD5
9fd0f7db06bff594211a07bf5a8d0c5f
-
SHA1
16d1c8cbf0e88d6f3072496e2cf2e23aa9a8b73c
-
SHA256
c2fe031b82902573e409659f73e1dd19ac2ce404bcc6d15d2f2d41f5988294b6
-
SHA512
d7d1cd5ca652c7a503f71c0f2f606ee8f71ea88b65d2cfebae65e794134bead7612c4684967a2d5f514aaebb0d4aa7eecb74ca8910536e656bcc65cfcaa18c27
-
SSDEEP
49152:9u+uYrkM0Xfv7AMVjp96KqkQQ/+MPZrzru8Rtw:9pE7X6KqJoVvu8
Static task
static1
Behavioral task
behavioral1
Sample
Baff-Client.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
Baff-Client.exe
-
Size
2.5MB
-
MD5
9fd0f7db06bff594211a07bf5a8d0c5f
-
SHA1
16d1c8cbf0e88d6f3072496e2cf2e23aa9a8b73c
-
SHA256
c2fe031b82902573e409659f73e1dd19ac2ce404bcc6d15d2f2d41f5988294b6
-
SHA512
d7d1cd5ca652c7a503f71c0f2f606ee8f71ea88b65d2cfebae65e794134bead7612c4684967a2d5f514aaebb0d4aa7eecb74ca8910536e656bcc65cfcaa18c27
-
SSDEEP
49152:9u+uYrkM0Xfv7AMVjp96KqkQQ/+MPZrzru8Rtw:9pE7X6KqJoVvu8
Score10/10-
Detect Umbral payload
-
Creates new service(s)
-
Stops running service(s)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-