General
Target: Umbral.exe
Size: 229KB
Sample: 240610-fqwfcacd8w
MD5: aaf99a08d4968f6c8b4dffea65e508b5
SHA1: 99d6d8d218dc7a07cb8dbf009ed474782babd4d9
SHA256: 30ac9d27fe86c00f827876cb245deedf7f8f4cbb16f4359fda4beb0cf8183d73
SHA512: 9bf219952fca4d62f85bf565804e03901ec9d2b77d59e8600f2276a867bd8e6b516f4ee68527b481f11ff4df6ed4da77a438de1c1f386f8eae54e7797a63e696
SSDEEP: 6144:9loZM9rIkd8g+EtXHkv/iD4DcSP4+ZRSe3q459cgYb8e1mDi:foZOL+EP8DcSP4+ZRSe3q459clF
Behavioral task: behavioral1
Sample: Umbral.exe
Resource: win7-20240221-en

Malware Config
Extracted: umbral
https://discord.com/api/webhooks/1249007822545621105/lIYWehahvoMIbDERS3j5Uq_Y96bmWma5CxEszXK2nvldB8Ztc-7U-KY4N_IUtSC3fMqB
Targets
- Detect Umbral payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.