General
-
Target
pulse.exe
-
Size
229KB
-
Sample
240502-fc6zxsbc37
-
MD5
5edea2e562816e345ef04ef26875c7b0
-
SHA1
6e3894d1eb6236c238e94efe1cd0f418982a4bd0
-
SHA256
0e4f60dac056f2c2b989e90990ee53c6c22d1dad6f4b5c033ef0213f0e386bcf
-
SHA512
366fff12180f37f0e6528ca7c295e615c789c14de6266dd401108133ff20f1db047e590fe1f8a5ed6548e78ce6dbecfc4e84755d5bc5142f55fa16a5981c707d
-
SSDEEP
6144:lloZM+rIkd8g+EtXHkv/iD4xIyh4+ZRSJ3q459ckNb8e1mxi:noZtL+EP8xIyh4+ZRSJ3q459cUD
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1231093581062602752/vcrat7EkKCV38BURmsdzcMmSm7QaSMObalNgUXiYQsrZMhOh6NlibqaXOS4ZDY3Bx3Fl
Targets
-
-
Target
pulse.exe
-
Size
229KB
-
MD5
5edea2e562816e345ef04ef26875c7b0
-
SHA1
6e3894d1eb6236c238e94efe1cd0f418982a4bd0
-
SHA256
0e4f60dac056f2c2b989e90990ee53c6c22d1dad6f4b5c033ef0213f0e386bcf
-
SHA512
366fff12180f37f0e6528ca7c295e615c789c14de6266dd401108133ff20f1db047e590fe1f8a5ed6548e78ce6dbecfc4e84755d5bc5142f55fa16a5981c707d
-
SSDEEP
6144:lloZM+rIkd8g+EtXHkv/iD4xIyh4+ZRSJ3q459ckNb8e1mxi:noZtL+EP8xIyh4+ZRSJ3q459cUD
-
Detect Umbral payload
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-