General
-
Target
STEALER4000PRO.exe
-
Size
229KB
-
Sample
240512-xvb1yaeg43
-
MD5
bbc777f07f2779e1c776fff6afd594c0
-
SHA1
fc2b7e80ec86b55dcff0f2026fee001c96ae1817
-
SHA256
96622bdc957b5aba6687cdc3de23737ed4775cd49f7be43ead103c40c8b68160
-
SHA512
939809ffd348eb0785e49c23470a2678ab8385d015aa0aab60bdde4a15f8f5cc647bdf8a387d3547a124736a5265b0502d9d55cec4c4c50af547778480aa3f3d
-
SSDEEP
6144:FloZMCrIkd8g+EtXHkv/iD44QjxM+8D/0aVA+Pv+Gfb8e1m8ti:HoZRL+EP8TjxM+8D/0aVA+Pv+k7k
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1239293106734633151/73v8pJqtEXJAObSGsOMvmLS7ZXjxnQNcVZ5Tlf7q-xhYMT_74OIGR-9lk1-J_taBcFZ9
Targets
-
-
Target
STEALER4000PRO.exe
-
Size
229KB
-
MD5
bbc777f07f2779e1c776fff6afd594c0
-
SHA1
fc2b7e80ec86b55dcff0f2026fee001c96ae1817
-
SHA256
96622bdc957b5aba6687cdc3de23737ed4775cd49f7be43ead103c40c8b68160
-
SHA512
939809ffd348eb0785e49c23470a2678ab8385d015aa0aab60bdde4a15f8f5cc647bdf8a387d3547a124736a5265b0502d9d55cec4c4c50af547778480aa3f3d
-
SSDEEP
6144:FloZMCrIkd8g+EtXHkv/iD44QjxM+8D/0aVA+Pv+Gfb8e1m8ti:HoZRL+EP8TjxM+8D/0aVA+Pv+k7k
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-