umbral | ea24a1aae83844683cbff898b52368d08ea8727855ea1478570745727cdac30a | Triage

Sharing

General

Target

asdaw.zip
Size

1.2MB
Sample

240514-cn4gdsfa6y
MD5

6da8ae1fced623eb19b87d433b42e3f2
SHA1

c24d259ab8d918b9684073f7e9b6ff08fa411146
SHA256

ea24a1aae83844683cbff898b52368d08ea8727855ea1478570745727cdac30a
SHA512

e5025c4080e8caa726b80331b471ca80dc2da2959871752df239e67060dcc7a3f47c4a0e5a8a2717860decd432e833282722f17e77ef0583a8246bcbc7b4aea5
SSDEEP

12288:zp+h1POjmw5rA9ttGWsHOC4aUODwk5bbcSvH8fZ48rvj6:zp+h1WYfZBj6

Score

10^/10

umbral execution spyware stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1233439262771515533/StaLUQOk6fesQAC6do8J2TvpMCRKBj7Mlo5ZRurU5EoQ6VPV6ANYC5mro9NHnKsZHZ2h

Targets

- Target
  
  PeIDK890XoXo.exe
- Size
  
  265KB
- MD5
  
  5920cf2aaa91ab76acd20fd132972402
- SHA1
  
  4f3d461f1b419839e4527f0e21b5779685c63e27
- SHA256
  
  8c7cc262eeb367bf7a4fb1539c0af24a2c363930249e8945048808c27fe687c5
- SHA512
  
  bb3b0ea84a232c7d6bde426f5da5ef15fcaba4227a705b727e9e6e0a45a3a5b819a7be309f542b6574f3d351accd34d5c131d186b5a352ba0c263113faceb9d5
- SSDEEP
  
  6144:FloZM+rIkd8g+EtXHkv/iD4M1vvGELns4d42X3WxRb8e1mUi2k:HoZtL+EP8M1vvGELns4d42X3Wz62k
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralexecutionspywarestealer