Resubmissions

23-06-2024 10:54

240623-mzjlgasenk 10

General

  • Target

    Launcher.exe

  • Size

    494KB

  • Sample

    240623-mzjlgasenk

  • MD5

    41c0cc9f53b64c8ade5c65ff831b3255

  • SHA1

    120c2f222bd53de2188462deedd0cb2fe52d574b

  • SHA256

    e6cff5f372b24b858c8252b4ac04b4fe5dc3726391aefcdd880dd3d946854f82

  • SHA512

    4b93075ebfd5a2dc503f38f9c5e1397a390a3f630580057431d702cb16d422e3b6c1098b79c404ad178ce3fb962f0c6a5922d8d4fe0646dcc1d52a3e846b32b3

  • SSDEEP

    6144:nloZM9rIkd8g+EtXHkv/iD4uzaiLwiAw18e1mmiXv1DhAYkNRRg:loZOL+EP8uzaswwcdDhA/Nfg

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1253833123951673356/_Aooe8ml3fMH9fH1g-DSFNS_Il1heNqN3CVDm0yR8jgQfTfTlzbhLfgtC56Qb7TgXNKt

Targets

    • Target

      Launcher.exe

    • Size

      494KB

    • MD5

      41c0cc9f53b64c8ade5c65ff831b3255

    • SHA1

      120c2f222bd53de2188462deedd0cb2fe52d574b

    • SHA256

      e6cff5f372b24b858c8252b4ac04b4fe5dc3726391aefcdd880dd3d946854f82

    • SHA512

      4b93075ebfd5a2dc503f38f9c5e1397a390a3f630580057431d702cb16d422e3b6c1098b79c404ad178ce3fb962f0c6a5922d8d4fe0646dcc1d52a3e846b32b3

    • SSDEEP

      6144:nloZM9rIkd8g+EtXHkv/iD4uzaiLwiAw18e1mmiXv1DhAYkNRRg:loZOL+EP8uzaswwcdDhA/Nfg

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks