General
Target: UNBANNED-GG-PERM-10-18-23.rar
Size: 180KB
Sample: 240602-cbjlfsfe44
MD5: 4daaa0647664f656f9028dee3651116e
SHA1: 5ae3a1b02b8452f7848ebc5b350a0d182ad003d7
SHA256: 5e9b07ad114b05286b58dc0e888e3aa102d207a1beac3d90a32518d837b2887f
SHA512: a9c015770af3757c62f0c37dc445fee1c8981440d3e57de0fad3071d052b0d0081c3d626b7795e151d6e970aa332d0364074ab8db14fd4908ad444ebcaf8f7dd
SSDEEP: 3072:Bg5CA8G++T5CTCRf85k2HSWstiwB084VED5s/pqlv8TaIjtGu:BE55CTQf85k/t7MVlnTaIz
Behavioral task: behavioral1
Sample: UNBANNED-GG-PERM-10-18-23/loader.exe
Resource: win10v2004-20240226-en

Malware Config
Extracted family: umbral
Extracted URL: https://discordapp.com/api/webhooks/1246463015998586960/d4v_qESsKe8s7VticwxHvyytkOUO321t7x3oNxoyCNYQuwczEVfPUDFWHLnPpAM4tNJ_
Targets
Target: UNBANNED-GG-PERM-10-18-23/loader.exe
Size: 365KB
MD5: cbd720ad4f7be1c099ec22f56ee61dd6
SHA1: 9989030c7ea1756e1834c464688d418e773919fc
SHA256: 20be105c4a33ebf77ef4db7e8b6ebbb39b156fe1dd16473a7255903f33b76846
SHA512: 2ad87fdf5046be22eec58fe71326ab0bcc2a2ca019e1b5519ec1ecbdfbb83731a254c7f400ca48cacb9917da6c85d41a913aa0f8f5b21408a3f2d1e8895e9740
SSDEEP: 6144:UsLqdufVUNDa4loZM3fsXtioRkts/cnnK6cMlibJksyVtGXTOMdRYspb8e1m+Fii:PFUNDamoZ1tlRk83MlibJksyVtGXTOMX
Score: 10/10
- Detect Umbral payload
- Modifies visibility of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (2)