General

  • Target

    clean.exe

  • Size

    229KB

  • Sample

    240505-k38cwsge28

  • MD5

    afc4798057dd3b9a73225e98546c6e72

  • SHA1

    af1a74d8c7be3f1f95fd9e7d6ebfad0fdd105645

  • SHA256

    ec4b26011b3dbc1ee514189ca764e73ce7c2acc7a7f6e9cfa8190c8151484ab7

  • SHA512

    577469a498352b6557941cd9db8ef13711758870b6fa385ae9b9eaec3ad0b786ec6c50a4413d786a75c1af1e5bf3b2673bc8aacb71d539a70ae116ea4bc27ef8

  • SSDEEP

    6144:lloZM9rIkd8g+EtXHkv/iD4lSHJxfEY3umfh8Iti+b8e1m+di:noZmL+EP8lSHJxfEY3umfh8ItZF0

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1233850910241849455/YwI9ixeDGi2xRIP3UmPgFRxqoW4Bu530Wk7lWFd3ryPjMCgvOFBE-AU6ClHOiWyEnMrV

Targets

    • Target

      clean.exe

    • Size

      229KB

    • MD5

      afc4798057dd3b9a73225e98546c6e72

    • SHA1

      af1a74d8c7be3f1f95fd9e7d6ebfad0fdd105645

    • SHA256

      ec4b26011b3dbc1ee514189ca764e73ce7c2acc7a7f6e9cfa8190c8151484ab7

    • SHA512

      577469a498352b6557941cd9db8ef13711758870b6fa385ae9b9eaec3ad0b786ec6c50a4413d786a75c1af1e5bf3b2673bc8aacb71d539a70ae116ea4bc27ef8

    • SSDEEP

      6144:lloZM9rIkd8g+EtXHkv/iD4lSHJxfEY3umfh8Iti+b8e1m+di:noZmL+EP8lSHJxfEY3umfh8ItZF0

    • Detect Umbral payload

    • Umbral

      Umbral Stealer is an open-source, modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
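The following is an added triage script, not part of the sandbox report and not Umbral's own code. It covers two of the behaviours flagged above: the extracted Discord-webhook C2 (Umbral is a .NET binary, so the config string is typically stored as UTF-16LE, and the numeric webhook ID is a Discord snowflake whose top 42 bits encode its creation time in milliseconds since 2015-01-01), and the PowerShell `Add-MpPreference -Exclusion*` tampering. The blob and the process command lines are constructed sample inputs, with the webhook URL taken from the report; the regexes and the null-stripping pass are heuristics assumed for this example.

```python
import re
from datetime import datetime, timezone

# Discord webhook URL: numeric webhook ID (a snowflake) followed by a token.
WEBHOOK_RE = re.compile(
    rb"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_-]{50,100})"
)
DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z, start of Discord snowflakes

# Add-/Set-MpPreference with any -Exclusion* parameter. PowerShell accepts
# unambiguous parameter prefixes, so we match the "-Exclusion" stem only.
# Caveat (assumption, not from the report): -EncodedCommand payloads must be
# base64-decoded before this string check can see them.
EXCLUSION_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b.*?-Exclusion\w*", re.IGNORECASE)


def snowflake_created(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (top 42 bits = ms since the Discord epoch)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def extract_webhooks(blob: bytes) -> list[dict]:
    """Return every Discord webhook URL found in blob, with its ID, token and creation time.

    Scans the raw bytes and a null-stripped copy; the second pass recovers
    UTF-16LE strings as stored in .NET assemblies (a heuristic assumed here).
    """
    found = {}
    for view in (blob, blob.replace(b"\x00", b"")):
        for m in WEBHOOK_RE.finditer(view):
            url = m.group(0).decode()
            if url in found:
                continue
            wid = int(m.group(1))
            found[url] = {
                "url": url,
                "webhook_id": wid,
                "token": m.group(2).decode(),
                "created_utc": snowflake_created(wid).isoformat(timespec="seconds"),
            }
    return list(found.values())


def flag_defender_exclusions(command_lines: list[str]) -> list[str]:
    """Return the command lines that add Windows Defender exclusions via PowerShell."""
    return [c for c in command_lines if EXCLUSION_RE.search(c)]


# Constructed sample data (not from the sandbox run): a fake .NET-style blob
# holding the report's webhook URL as UTF-16LE, plus a few process command lines.
WEBHOOK_URL = ("https://discord.com/api/webhooks/1233850910241849455/"
               "YwI9ixeDGi2xRIP3UmPgFRxqoW4Bu530Wk7lWFd3ryPjMCgvOFBE-AU6ClHOiWyEnMrV")
SAMPLE_BLOB = b"MZ\x90\x00" + b"\x00" * 16 + WEBHOOK_URL.encode("utf-16-le") + b"\x00\x00#Strings\x00"

SAMPLE_CMDLINES = [
    'powershell.exe -WindowStyle Hidden -Command Add-MpPreference -ExclusionPath "C:\\Users\\user\\AppData\\Local\\Temp"',
    "powershell.exe Add-MpPreference -ExclusionExtension exe",
    'powershell.exe Add-MpPreference -ExclusionProcess "clean.exe"',
    "powershell.exe Get-MpPreference",                                  # benign read
    "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true",  # tampering, but not an exclusion
]

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_BLOB):
        print(f"C2 webhook {hit['webhook_id']} created {hit['created_utc']}: {hit['url']}")
    for line in flag_defender_exclusions(SAMPLE_CMDLINES):
        print("Defender exclusion:", line)
```

Decoding the snowflake puts the webhook's creation at 2024-04-27 UTC, about a week before the sample's 240505 submission date, which is the kind of cross-check worth recording alongside the raw C2 URL. Note that the last sample command line is real Defender tampering too; it simply is not the exclusion behaviour this report's signature describes, so a production rule would cover it separately.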

MITRE ATT&CK Enterprise v15

Tasks