Extracted

• • Target

    STEALERRR3000PRO.exe

  • Size

    231KB

  • MD5

    5a006cd74e0225a15746bee6928d62f1

  • SHA1

    a17dabdb634d9667c3590436998252148a5fab92

  • SHA256

    0350fdb32852f781665e056a04f318e94c746612f7b4e3cd430d808c894aae4c

  • SHA512

    59d6b467cf48cf1aafaf13e1acfdd6ae4806403f0bc92e759590b04da4ecd719488300ecd412d92931e7b65daf0ab2229d7a165b31595334676b40942bb30f81

  • SSDEEP

    6144:xloZM9rIkd8g+EtXHkv/iD4gQYPDJ6idFIJbGmTTNb8e1mvmoii:DoZOL+EP8gQYPDJ6idFIJbGmTxro3

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1