Extracted

• • Target

    nezur update open first.exe

  • Size

    229KB

  • MD5

    2e5281fab74e8820fbc43f452e58ee3c

  • SHA1

    7f65af8151e0bb4d151151ca60a6b4424ab14f5b

  • SHA256

    586244c03ace07d74308daba5ce9d49ac2cde473e6c686aadc6e4b2627e5093c

  • SHA512

    0a1125678e89d2f4124980a4ed42effea78d0857ada7eb76a79c97275ae8df2ab8dee71f24d7376fe1c08e28e8739ddbb49322e1d1ee70e48a536e2165d97708

  • SSDEEP

    6144:tloZM+rIkd8g+EtXHkv/iD4+DYlywvrYshkijD6/JN8e1mmUdei:voZtL+EP8+DYlywvrYshkijD6Hvk

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1