General
Target: Silence V2.rar
Size: 1.3MB
Sample: 240626-hwq4xs1gmg
MD5: ebb4ad7f6d832e3948cbe6977b45c70a
SHA1: 0ce87dfab53dce5ae53ea55f85c77071bb3993e7
SHA256: dc179ef7f50e6aaa312f9aa992a397d014b2fbf219151d639cf4f98b6d2dbad4
SHA512: f5bc7cabeccd7cfc1eaff8ae64cdb229accdf91b71719d56894d322fa4a00b90fd10e1b7eed65d84e1bd44d9c907652acc7751394dba91e88e7722afe4755d65
SSDEEP: 24576:ipuj0WnkUVFJrix6d/YuiGQaes29fmvteYBtUI4reFUS/XvE:ip8kUrNEsefmUYjP4reUl
Static task: static1
Behavioral task: behavioral1
  Sample: Silence V2.rar
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: Silence V2.exe
  Resource: win10v2004-20240611-en
Malware Config
Extracted: umbral
https://discord.com/api/webhooks/1242661037388468314/b-NP7qDhXngDoB6CdNXbSrZqZBdCUwxa5k7R0G43X2NEHvaGtjHVsZ3e2VkStAGOjujz
Targets
Target: Silence V2.rar
Size: 1.3MB
MD5: ebb4ad7f6d832e3948cbe6977b45c70a
SHA1: 0ce87dfab53dce5ae53ea55f85c77071bb3993e7
SHA256: dc179ef7f50e6aaa312f9aa992a397d014b2fbf219151d639cf4f98b6d2dbad4
SHA512: f5bc7cabeccd7cfc1eaff8ae64cdb229accdf91b71719d56894d322fa4a00b90fd10e1b7eed65d84e1bd44d9c907652acc7751394dba91e88e7722afe4755d65
SSDEEP: 24576:ipuj0WnkUVFJrix6d/YuiGQaes29fmvteYBtUI4reFUS/XvE:ip8kUrNEsefmUYjP4reUl
Score: 3/10
Target: Silence V2.EXE
Size: 1.4MB
MD5: b92e01644e5b593e8f0baa16b3ff9d01
SHA1: c09365ce18f7c0262ff1d5e673aac84741df7138
SHA256: 56bfd3850d503982e6d3e0f7a48ac1252156a509e0054f414f0d678f64af50a7
SHA512: 213bb3e16800a7f7fa78937c4015ce21e3854a90090ee9f7ef568131a6dde70016689e531dd2440314407dcd6d4c90cc36a2e6f3e2aceb07c89bf76a9c4c252c
SSDEEP: 24576:6Oy0DmBXDJbwwZXTOas/C4betyp3SVJWX0o+0G+rcxIV0zMqmzXch:M0DmBXDtAt7Ky3SVEX0/0G+joMqmbc
Score: 10/10
- Detect Umbral payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.