General
-
Target
Umbral.exe
-
Size
231KB
-
Sample
240526-wkqwnsfe88
-
MD5
e9e39a33854ca8af45f6048dd49f265b
-
SHA1
d19011ba34adf3135335aa9839d24e1b5c5dde71
-
SHA256
e5da8ebc635776269ddceed41b6b6c0860071dafbe121b3fa17e63d01effd26c
-
SHA512
703fdc9b9d086329a7273138920904fa0bf3d9917c0db74fcba1853bf1ecd42fd3144725238104e98ebac95f31da5d38551b3f97fb6c72ffdd0c60dbdc4d35cf
-
SSDEEP
6144:YOSAnvuqXLUirFMWyW1bYcUNSzNc0jqatc2J8e1mvSTU:vDqyFMWyW1bYcUNSzNc0jqIj2T
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1217768046605766696/gn6PUBb8r8h-ssnZZH9n8QvTpzjMoBR_xyAAZJ3G_7VPtrVhrvMFld8uZyrHHcP957xT
Targets
-
-
Target
Umbral.exe
-
Size
231KB
-
MD5
e9e39a33854ca8af45f6048dd49f265b
-
SHA1
d19011ba34adf3135335aa9839d24e1b5c5dde71
-
SHA256
e5da8ebc635776269ddceed41b6b6c0860071dafbe121b3fa17e63d01effd26c
-
SHA512
703fdc9b9d086329a7273138920904fa0bf3d9917c0db74fcba1853bf1ecd42fd3144725238104e98ebac95f31da5d38551b3f97fb6c72ffdd0c60dbdc4d35cf
-
SSDEEP
6144:YOSAnvuqXLUirFMWyW1bYcUNSzNc0jqatc2J8e1mvSTU:vDqyFMWyW1bYcUNSzNc0jqIj2T
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-