umbral | 4641bea6ae464a8c278a7e0529f754c08f60edc46ecf63b5b4c8775df8c54649 | Triage

Sharing

General

Target

7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
Size

231KB
Sample

240603-zar8jahg64
MD5

7bc6b8054abd6114c35c454c071c7290
SHA1

c88749c113c114d0fe437f4f701b9402a6d11e92
SHA256

4641bea6ae464a8c278a7e0529f754c08f60edc46ecf63b5b4c8775df8c54649
SHA512

4a0cdc2e0b86cacb92f684faec19764882653e75d7d66c37e9da0dec08b6beaadea432c161f1eda9e596ff14bea88c42af51c6837c954b3d3252beebd85991fe
SSDEEP

6144:RloZM+rIkd8g+EtXHkv/iD4vTIgiAfbofxUyzzq2Ab8e1mT8Ti:joZtL+EP8vTIgiAfbofxUyzzqzK9

Score

10^/10

umbral execution spyware stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1246232317215903755/k1xdEK7NXg9Ud5aRps3d0dup6SCVr7oTrOvl5rUZFNMqDY9YqVHX9ED6ruz0decwjSyA

Targets

- Target
  
  7bc6b8054abd6114c35c454c071c7290_NeikiAnalytics.exe
- Size
  
  231KB
- MD5
  
  7bc6b8054abd6114c35c454c071c7290
- SHA1
  
  c88749c113c114d0fe437f4f701b9402a6d11e92
- SHA256
  
  4641bea6ae464a8c278a7e0529f754c08f60edc46ecf63b5b4c8775df8c54649
- SHA512
  
  4a0cdc2e0b86cacb92f684faec19764882653e75d7d66c37e9da0dec08b6beaadea432c161f1eda9e596ff14bea88c42af51c6837c954b3d3252beebd85991fe
- SSDEEP
  
  6144:RloZM+rIkd8g+EtXHkv/iD4vTIgiAfbofxUyzzq2Ab8e1mT8Ti:joZtL+EP8vTIgiAfbofxUyzzqzK9
Score

10^/10

umbral stealer execution spyware
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

umbralexecutionspywarestealer