General
-
Target
AIMWARЕ.exe
-
Size
231KB
-
Sample
240526-kstfzsch6x
-
MD5
6a5855afed7e8dfd5585fb9974325ed4
-
SHA1
ed1d76c631c6f759bafc3ad95d9a44d2aea1421b
-
SHA256
8ab8fc29e1ebd9b904d65813e7b33520a132dbec055d5c4cf8f101f67381174b
-
SHA512
78c96cd5c9121cbcae1963d867182285f0aed92dab17e350c0b268278793370a78cac35de9b0b6014573f9a1d7d19af0a8441037fb43bd90d800775492c91583
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4Nh6KywvrY6hkijD6Hg+lI8e1msAi:joZtL+EP8X6KywvrY6hkijD6d4jZ
Behavioral task
behavioral1
Sample
AIMWARЕ.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1234186783038767154/bfD8b739yPwVGaoq7IAOBItMUvfGQedSEolOJv2mG5JuLedrXSPNeas8U-wg2Y3P3XBu
Targets
-
-
Target
AIMWARЕ.exe
-
Size
231KB
-
MD5
6a5855afed7e8dfd5585fb9974325ed4
-
SHA1
ed1d76c631c6f759bafc3ad95d9a44d2aea1421b
-
SHA256
8ab8fc29e1ebd9b904d65813e7b33520a132dbec055d5c4cf8f101f67381174b
-
SHA512
78c96cd5c9121cbcae1963d867182285f0aed92dab17e350c0b268278793370a78cac35de9b0b6014573f9a1d7d19af0a8441037fb43bd90d800775492c91583
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4Nh6KywvrY6hkijD6Hg+lI8e1msAi:joZtL+EP8X6KywvrY6hkijD6d4jZ
-
Detect Umbral payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-