General

  • Target

    pulse.exe

  • Size

    229KB

  • Sample

    240502-fc6zxsbc37

  • MD5

    5edea2e562816e345ef04ef26875c7b0

  • SHA1

    6e3894d1eb6236c238e94efe1cd0f418982a4bd0

  • SHA256

    0e4f60dac056f2c2b989e90990ee53c6c22d1dad6f4b5c033ef0213f0e386bcf

  • SHA512

    366fff12180f37f0e6528ca7c295e615c789c14de6266dd401108133ff20f1db047e590fe1f8a5ed6548e78ce6dbecfc4e84755d5bc5142f55fa16a5981c707d

  • SSDEEP

    6144:lloZM+rIkd8g+EtXHkv/iD4xIyh4+ZRSJ3q459ckNb8e1mxi:noZtL+EP8xIyh4+ZRSJ3q459cUD

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1231093581062602752/vcrat7EkKCV38BURmsdzcMmSm7QaSMObalNgUXiYQsrZMhOh6NlibqaXOS4ZDY3Bx3Fl

Targets

    • Target

      pulse.exe

    • Size

      229KB

    • MD5

      5edea2e562816e345ef04ef26875c7b0

    • SHA1

      6e3894d1eb6236c238e94efe1cd0f418982a4bd0

    • SHA256

      0e4f60dac056f2c2b989e90990ee53c6c22d1dad6f4b5c033ef0213f0e386bcf

    • SHA512

      366fff12180f37f0e6528ca7c295e615c789c14de6266dd401108133ff20f1db047e590fe1f8a5ed6548e78ce6dbecfc4e84755d5bc5142f55fa16a5981c707d

    • SSDEEP

      6144:lloZM+rIkd8g+EtXHkv/iD4xIyh4+ZRSJ3q459ckNb8e1mxi:noZtL+EP8xIyh4+ZRSJ3q459cUD

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks