General

  • Target

    Umbral.exe

  • Size

    229KB

  • Sample

    240511-xgmwaafa58

  • MD5

    518a530502d5793fddad2cf074af8850

  • SHA1

    6ff6542721e9cf284129daf442c193911dda8367

  • SHA256

    c9284451e9c756e38ee65feed1db743bc535066136851e71c707402607e06501

  • SHA512

    232768823683c549468b0a11122a4c4831d528ad5861f1930714d9c7840405ac3fb145e7a8d85a3b14d6f92d93e41be692176755fb590bdfb6295cd80788c545

  • SSDEEP

    6144:lloZM+rIkd8g+EtXHkv/iD4deC+pNbYMTgqL9Y0hBpb8e1meIi:noZtL+EP8deC+pNbYMTgqL9Y0h/R

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1237112288494747648/RwLhzmD0ehxDiBdZsbgoSXVKoOkldpfaRP7ikjkQV9Ya8EVVXay-1UF3yarrrtlSnrpv

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks