General

  • Target: Silence V2.rar

  • Size: 1.3MB

  • Sample: 240626-hwq4xs1gmg

  • MD5: ebb4ad7f6d832e3948cbe6977b45c70a

  • SHA1: 0ce87dfab53dce5ae53ea55f85c77071bb3993e7

  • SHA256: dc179ef7f50e6aaa312f9aa992a397d014b2fbf219151d639cf4f98b6d2dbad4

  • SHA512: f5bc7cabeccd7cfc1eaff8ae64cdb229accdf91b71719d56894d322fa4a00b90fd10e1b7eed65d84e1bd44d9c907652acc7751394dba91e88e7722afe4755d65

  • SSDEEP: 24576:ipuj0WnkUVFJrix6d/YuiGQaes29fmvteYBtUI4reFUS/XvE:ip8kUrNEsefmUYjP4reUl

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1242661037388468314/b-NP7qDhXngDoB6CdNXbSrZqZBdCUwxa5k7R0G43X2NEHvaGtjHVsZ3e2VkStAGOjujz

Targets

    • Target: Silence V2.rar (1.3MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General above)

    Score: 3/10
    • Target: Silence V2.EXE

    • Size: 1.4MB

    • MD5: b92e01644e5b593e8f0baa16b3ff9d01

    • SHA1: c09365ce18f7c0262ff1d5e673aac84741df7138

    • SHA256: 56bfd3850d503982e6d3e0f7a48ac1252156a509e0054f414f0d678f64af50a7

    • SHA512: 213bb3e16800a7f7fa78937c4015ce21e3854a90090ee9f7ef568131a6dde70016689e531dd2440314407dcd6d4c90cc36a2e6f3e2aceb07c89bf76a9c4c252c

    • SSDEEP: 24576:6Oy0DmBXDJbwwZXTOas/C4betyp3SVJWX0o+0G+rcxIV0zMqmzXch:M0DmBXDtAt7Ky3SVEX0/0G+joMqmbc

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks