General
-
Target
PulseLoader 3.4 x64.exe
-
Size
234KB
-
Sample
240509-cl5axafe34
-
MD5
dece225e18c1c2791fed6062c97a6322
-
SHA1
06d68036d8da0fb7b45a33bcfc14d8f72c9e68a8
-
SHA256
e13794d15691acbbd898adcbbca15b903ee738c46ad7237d5d8e018385eeb4e0
-
SHA512
1c1da44b6aa350751877ddda9d7d12b087bc9c4cbf73449bacbdcb2a4a510f92dbfb21f11f9e5613a9cb9ad570dd9096ebe278b6cd4d066c344975e1c8e76350
-
SSDEEP
6144:MloZM+rIkd8g+EtXHkv/iD4xIyh4+ZRSJ3q459ckNb8e1mxi:KoZtL+EP8xIyh4+ZRSJ3q459cUD
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1231093581062602752/vcrat7EkKCV38BURmsdzcMmSm7QaSMObalNgUXiYQsrZMhOh6NlibqaXOS4ZDY3Bx3Fl
Targets
-
-
Target
PulseLoader 3.4 x64.exe
-
Size
234KB
-
MD5
dece225e18c1c2791fed6062c97a6322
-
SHA1
06d68036d8da0fb7b45a33bcfc14d8f72c9e68a8
-
SHA256
e13794d15691acbbd898adcbbca15b903ee738c46ad7237d5d8e018385eeb4e0
-
SHA512
1c1da44b6aa350751877ddda9d7d12b087bc9c4cbf73449bacbdcb2a4a510f92dbfb21f11f9e5613a9cb9ad570dd9096ebe278b6cd4d066c344975e1c8e76350
-
SSDEEP
6144:MloZM+rIkd8g+EtXHkv/iD4xIyh4+ZRSJ3q459ckNb8e1mxi:KoZtL+EP8xIyh4+ZRSJ3q459cUD
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-