Resubmissions
23-06-2024 10:54
240623-mzjlgasenk
Score: 10

General
- Target: Launcher.exe
- Size: 494KB
- Sample: 240623-mzjlgasenk
- MD5: 41c0cc9f53b64c8ade5c65ff831b3255
- SHA1: 120c2f222bd53de2188462deedd0cb2fe52d574b
- SHA256: e6cff5f372b24b858c8252b4ac04b4fe5dc3726391aefcdd880dd3d946854f82
- SHA512: 4b93075ebfd5a2dc503f38f9c5e1397a390a3f630580057431d702cb16d422e3b6c1098b79c404ad178ce3fb962f0c6a5922d8d4fe0646dcc1d52a3e846b32b3
- SSDEEP: 6144:nloZM9rIkd8g+EtXHkv/iD4uzaiLwiAw18e1mmiXv1DhAYkNRRg:loZOL+EP8uzaswwcdDhA/Nfg
Behavioral task: behavioral1
- Sample: Launcher.exe
- Resource: win10v2004-20240508-en

Malware Config
Extracted
- Family: umbral
- C2: https://discord.com/api/webhooks/1253833123951673356/_Aooe8ml3fMH9fH1g-DSFNS_Il1heNqN3CVDm0yR8jgQfTfTlzbhLfgtC56Qb7TgXNKt
Targets
- Target: Launcher.exe
- Size: 494KB
- MD5: 41c0cc9f53b64c8ade5c65ff831b3255
- SHA1: 120c2f222bd53de2188462deedd0cb2fe52d574b
- SHA256: e6cff5f372b24b858c8252b4ac04b4fe5dc3726391aefcdd880dd3d946854f82
- SHA512: 4b93075ebfd5a2dc503f38f9c5e1397a390a3f630580057431d702cb16d422e3b6c1098b79c404ad178ce3fb962f0c6a5922d8d4fe0646dcc1d52a3e846b32b3
- SSDEEP: 6144:nloZM9rIkd8g+EtXHkv/iD4uzaiLwiAw18e1mmiXv1DhAYkNRRg:loZOL+EP8uzaswwcdDhA/Nfg
Signatures
- Detect Umbral payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.