General
-
Target
Loader(1).exe
-
Size
495KB
-
Sample
240612-t8xm1swarn
-
MD5
6c200e0e8ddc021a16094bd07c17b1b6
-
SHA1
faa1dba99441d84898171d9ec2962955235183e9
-
SHA256
837e540ab292132a621130757c1d5f1738f83e44568847e9278472eac3dc3046
-
SHA512
bd5e8d976dbdad7d8f5511d777a0998f3d831054b7d3dad2d0a9969ddd622a519b63c1b06b677fef16c90f9ed9de226b25be6ca5f11752a053d6669ce726a15f
-
SSDEEP
12288:doZ1tlRk83MlgvNh0ad1+F7mEl5Qw5nTiii/Izoqs2PiixJ:G5r39Nh0ad1+F7mEl5QwFzoqs2
Behavioral task
behavioral1
Sample
Loader(1).exe
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Loader(1).exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
umbral
https://discordapp.com/api/webhooks/1250210609493180540/EIPBZ3YdZ5w5YcRIO6f1LfLpmEqxvPYjSIyR1VF8Vq8yhqkWJkzZ4iXosQ9u7wa-RKex
Targets
-
-
Target
Loader(1).exe
-
Size
495KB
-
MD5
6c200e0e8ddc021a16094bd07c17b1b6
-
SHA1
faa1dba99441d84898171d9ec2962955235183e9
-
SHA256
837e540ab292132a621130757c1d5f1738f83e44568847e9278472eac3dc3046
-
SHA512
bd5e8d976dbdad7d8f5511d777a0998f3d831054b7d3dad2d0a9969ddd622a519b63c1b06b677fef16c90f9ed9de226b25be6ca5f11752a053d6669ce726a15f
-
SSDEEP
12288:doZ1tlRk83MlgvNh0ad1+F7mEl5Qw5nTiii/Izoqs2PiixJ:G5r39Nh0ad1+F7mEl5QwFzoqs2
-
Detect Umbral payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-