Extracted

• • Target

    Launcher.exe

  • Size

    494KB

  • MD5

    4dec21ccd049843072fadf1b3309d2a9

  • SHA1

    f7524ef6805b5702e19e4ecc41b216362e408563

  • SHA256

    47bc79f3e02009ba8291f7abcf299a964d767af4125e4b3f3fb055d14763f931

  • SHA512

    f5866734316e372b0a9e3520cbb1ecc02b994de46c19780daec275687f8cd1b5aa64bbab1ae8b00a051d9ab6384f846633bc0210b9ff3b8abb9cc5f9cf399908

  • SSDEEP

    12288:doZtL+EP8zHeo9rI8jX67NokRZqdDhA/Nfg:rI8Leo9rI8jX67NokRZMlA/Nfg

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1