General

  • Target

    runtime.exe-cleaned.xex

  • Size

    237KB

  • Sample

    240621-1t9glawfkr

  • MD5

    46393ff2b520d8bda33fd91b4d665df7

  • SHA1

    09578afe920c3645b594e9dfcb6ed740d4004ba8

  • SHA256

    386f5d72b857d35535ec5fbb48d107b4f16d869c4d08255b3626467dbea7e7c8

  • SHA512

    022c610c7fa3d97699917f067253278cf37b648017669621f9f6ca1ab4a02a8e8b4bd468fde1f54d068a5b87f38ae64642d12a12f7056054783eae7c0a93e647

  • SSDEEP

    6144:u7y5qD1ckBGLMcB+tdHkv/oAGHW0IBtP6xnQ/R8e1m5A:uW5q4xB+7LHOBtln

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1253727360612565146/GPXhqKT1NSrraBQLuH8gtIYaOWpwLAKzG0rig8YL1y-8OLUxOXzEorlAa8fHImB7LRO9

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks