umbral | 8615172da6f2114f1a7b0b41050f6a3556b725d5f8aec82cc4558504137e4299 | Triage

Submit
Reports

Overview

overview

Static

static

MinecraftCheat.exe

windows7-x64

MinecraftCheat.exe

windows10-2004-x64

Sharing

General

Target

MinecraftCheat.exe
Size

231KB
Sample

240605-mx6m8ade3t
MD5

20384d9a8661d8d1c6baeba964939ba0
SHA1

e44f61df3bc54d183d673235b29cf1669c978dcc
SHA256

8615172da6f2114f1a7b0b41050f6a3556b725d5f8aec82cc4558504137e4299
SHA512

4384c8c5b05ca17191c5c3636808adc84ede226dd56c15fed4127aea830d141f920079a3e3fef6bca688911ca0185336cdf327bbbed57f8f311162a83032e578
SSDEEP

6144:RloZM9rIkd8g+EtXHkv/iD4fNPjpaC9Hop7mGzY8vI8e1m1Ji:joZOL+EP8fNPjpaC9Hop7mGzgqQ

Score

10^/10

umbral execution spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

MinecraftCheat.exe

Resource

win7-20240508-en

umbral execution spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

MinecraftCheat.exe

Resource

win10v2004-20240226-en

umbral execution spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1247863670193786953/uhEecI9mXTqtTxrrZ3szFIc6tljBLxaaV_u2nDSM-ifuzaikK5Rp-LUeoymh7HdiyCVU

Targets

- Target
  
  MinecraftCheat.exe
- Size
  
  231KB
- MD5
  
  20384d9a8661d8d1c6baeba964939ba0
- SHA1
  
  e44f61df3bc54d183d673235b29cf1669c978dcc
- SHA256
  
  8615172da6f2114f1a7b0b41050f6a3556b725d5f8aec82cc4558504137e4299
- SHA512
  
  4384c8c5b05ca17191c5c3636808adc84ede226dd56c15fed4127aea830d141f920079a3e3fef6bca688911ca0185336cdf327bbbed57f8f311162a83032e578
- SSDEEP
  
  6144:RloZM9rIkd8g+EtXHkv/iD4fNPjpaC9Hop7mGzY8vI8e1m1Ji:joZOL+EP8fNPjpaC9Hop7mGzgqQ
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

umbralexecutionspywarestealer

behavioral2

umbralexecutionspywarestealer

© 2018-2024

Terms | Privacy