Extracted

• • Target

    Stealer.exe

  • Size

    227KB

  • MD5

    1d9aea272c24a72800c6448b30883296

  • SHA1

    f2bf74dbaca750d00fc3e62a525fc16b26b8ce8b

  • SHA256

    3aa5fd9be59e523761738140b7a5906a3672a3b75827dad09911e3280f98680d

  • SHA512

    14925fd6f85f4f58a8bd10937d7326b4cf44ed8fb11d3333ba5f7c1f2755c5d005dc8dca9edb5a03b81b5e86c50f267bf779633c1241719cb39bac5e122b07b5

  • SSDEEP

    6144:+loZM+rIkd8g+EtXHkv/iD4eBVnrRiK1ZwBzOur8xb8e1mLi:ooZtL+EP8eBVnrRiK1ZwBzOurwF

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2