General
-
Target
executor.exe
-
Size
230KB
-
Sample
240615-hwcars1hme
-
MD5
6d36622e437d5f0bbeb1e43ee49ffe35
-
SHA1
98751d0a048e319fec614ae26c1c78c86a048300
-
SHA256
7561ef67b210e8d30d71700ca0288c5d391adc968988db16eeac209b7cb5941e
-
SHA512
10f21503c75bded2ce97b260792581d7abf7f633d29cff93251957dad2fd184911160e1dbac19d7325703d0163a2b34e728be07de273dcbbbe87f41da6a1f13e
-
SSDEEP
6144:lloZM+rIkd8g+EtXHkv/iD40naJUBPUonXWvRsY9Mcb8e1mh5ui:noZtL+EP80naJUBPUonXWvRsY95OD
Behavioral task
behavioral1
Sample
executor.exe
Resource
win7-20240221-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1250415107909877781/1IHWX-A_B5LAE4exMzEQBSl89081t9nd5M3o6kddoQT_fkImb8DiRCDij_A_dYoEuLQh
Targets
-
-
Target
executor.exe
-
Size
230KB
-
MD5
6d36622e437d5f0bbeb1e43ee49ffe35
-
SHA1
98751d0a048e319fec614ae26c1c78c86a048300
-
SHA256
7561ef67b210e8d30d71700ca0288c5d391adc968988db16eeac209b7cb5941e
-
SHA512
10f21503c75bded2ce97b260792581d7abf7f633d29cff93251957dad2fd184911160e1dbac19d7325703d0163a2b34e728be07de273dcbbbe87f41da6a1f13e
-
SSDEEP
6144:lloZM+rIkd8g+EtXHkv/iD40naJUBPUonXWvRsY9Mcb8e1mh5ui:noZtL+EP80naJUBPUonXWvRsY95OD
-
Detect Umbral payload
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-