General
-
Target
TOKEN_BOT.rar
-
Size
82KB
-
Sample
240607-t5sjwscb85
-
MD5
d66e3c99b231e3b1959b70e3dff357ff
-
SHA1
433ca2a167b73ac819e25e732ba7b6a940cbc43b
-
SHA256
6afc8f233e1d02de92ab0dad9bb3724ab5b868c5ca59cfd52df6bc384ae1cf36
-
SHA512
7240783b5ed71d5b5cef0deebef4da78e5894d7d446fb3b095042c75a4ec8362f2a01f402e186d65af29bb04c2dde089e8f0d73e6235da0a1b3828f64a5beeed
-
SSDEEP
1536:eJmMWtcXkWyDYhBptyJX1WiRlcbCn5D7+D8wPa49oPeOrp8S3HSMFdOf7N:emMWjWnBzy3WiR95X+D8wi49BK8eHTMJ
Behavioral task
behavioral1
Sample
TOKEN BOT.exe
Resource
win7-20240508-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1248666183935459388/H6xZG6F-jgkil3oNGNbSG0sboMZrkd4X59oyn0uqV3zJKxfSnkoPhlPZOuDT23hTub4I
Targets
-
-
Target
TOKEN BOT.exe
-
Size
231KB
-
MD5
6237b7bfdeef6aa9095852ac74ab5e6e
-
SHA1
deaf71a3709b52817cdfe5aec902507c8b89b36b
-
SHA256
b4aff6f798705f34a3edf6b528a71aa2dbbeb6d71299799eb1042a09822af2f6
-
SHA512
263e769b21fc67f6ccb3c3135b66635cfb12af503b3d90bcc304a1d0b3f7a2524df630c2f3d2dbb968eb5296569e77a49aa66e0627eaea7d5df89c761454541d
-
SSDEEP
6144:RloZMQrIkd8g+EtXHkv/iD4vBLU69VewbGkFZw1fUtLJU8e1mci:joZ3L+EP8vBLU69VewbGkFZwlkL42
-
Detect Umbral payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-