General

  • Target

    Launcher.exe

  • Size

    495KB

  • Sample

    240627-zdy59asaml

  • MD5

    398b7fccfa2d8fd240a5032a20e57200

  • SHA1

    2e9bb06c985765930abd4d8e4734d48fc9db476b

  • SHA256

    6c37b3d7cba096ed83d54a1c31ca265f79567e4b4b9339d1f07b18b5013182d3

  • SHA512

    aef4ca14b00598603aab35dbb3f02a264007d3f14533c59fc6e5040f138f19c2d414de6fa62860ea91e5b80d8e57e2297c30bbc837a0bf15490a758d80ba4c4c

  • SSDEEP

    12288:9oZtL+EP8jM1jfVeGJCMFXSy3l7JDhA/Nfg:LI8w1jfVeGJCMFXSy3l9lA/Nfg

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1255969637254959297/VOD56kR-Ym1Ir4C8x6A8OEDQbQ85zzijJbXyxuRUOY0BIca0X87o3yo10-ghBTV8HF3A
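The webhook above is the only C2 recovered from this sample. As an added example (not part of the report, and not Umbral's or the sandbox's code), the Python below pulls Discord webhook URLs out of a decoded config or strings dump, splits each into its snowflake ID and token, and dates the webhook from the ID. The input blob is constructed here from the report's C2 URL plus a few filler strings; the regex and the snowflake epoch are Discord's documented format, everything else is illustrative.

```python
import re
from datetime import datetime, timezone

# Discord webhook URL: snowflake ID (17-20 digits) followed by a long URL-safe
# token. Matches discord.com / discordapp.com and the ptb/canary subdomains.
WEBHOOK_RE = re.compile(
    r"https?://(?:(?:ptb|canary)\.)?discord(?:app)?\.com"
    r"/api/(?:v\d+/)?webhooks/(\d{17,20})/([A-Za-z0-9_-]{50,})"
)

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z, the snowflake epoch


def snowflake_to_datetime(snowflake):
    """Recover the creation time a Discord snowflake ID encodes in its top bits."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def defang(url):
    """Make a URL non-clickable for reports and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")


def extract_webhooks(blob):
    """Find Discord webhook C2 URLs in a config/strings blob (str or bytes).

    Bytes are scanned both as UTF-8 and as UTF-16LE, because .NET stealers
    such as Umbral hold their strings as UTF-16LE in memory.
    """
    if isinstance(blob, bytes):
        texts = [blob.decode("utf-8", "ignore"), blob.decode("utf-16-le", "ignore")]
    else:
        texts = [blob]
    seen, results = set(), []
    for text in texts:
        for m in WEBHOOK_RE.finditer(text):
            webhook_id, token = m.group(1), m.group(2)
            if webhook_id in seen:
                continue
            seen.add(webhook_id)
            results.append({
                "webhook_id": webhook_id,
                "token_len": len(token),
                "created_utc": snowflake_to_datetime(webhook_id),
                "defanged": defang(m.group(0)),
                # Token omitted on purpose: the full URL is a bearer credential
                # that lets anyone post to (or delete) the webhook.
                "shareable": f"discord[.]com/api/webhooks/{webhook_id}/<token>",
            })
    return results


# Constructed sample: the report's C2 URL surrounded by filler strings, as a
# strings dump of the decoded config might look.
SAMPLE_STRINGS = (
    "Umbral\n"
    "Launcher.exe\n"
    "https://discord.com/api/webhooks/1255969637254959297/"
    "VOD56kR-Ym1Ir4C8x6A8OEDQbQ85zzijJbXyxuRUOY0BIca0X87o3yo10-ghBTV8HF3A\n"
    "powershell.exe\n"
)

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_STRINGS):
        print(hit["shareable"], "created", hit["created_utc"].isoformat())
```

The snowflake puts this webhook's creation on 2024-06-27, the same day the sample was submitted, which is typical for a freshly built stealer. Share the token-free form in IOC feeds; the URL with the token is itself the credential, so it belongs in the takedown request to Discord, not in a public list.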

Targets

    • Target

      Launcher.exe

    • Detect Umbral payload

    • Umbral

      Umbral Stealer is an open-source, modular information stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is no longer scanned.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies, and session tokens.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.
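The "Command and Scripting Interpreter: PowerShell" signature above describes the Defender-exclusion step. As an added example (not the sandbox's signature logic and not Umbral's code), the Python below runs that detection over constructed Sysmon-style process-creation events: it decodes any -EncodedCommand payload before matching, extracts every exclusion added through Add-/Set-MpPreference, and, going beyond the PowerShell route the report describes, also flags direct writes to the Defender Exclusions registry keys. The event contents, victim paths and parent process names are assumptions made for the example.

```python
import base64
import re

# powershell.exe accepts any unambiguous prefix of -EncodedCommand; the usual
# short forms are covered here. The argument is base64 of UTF-16LE text.
ENC_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")
MP_STMT_RE = re.compile(r"(?i)\b(?:Add|Set)-MpPreference\b")
EXCL_PARAM_RE = re.compile(
    r"(?i)-Exclusion(Path|Extension|Process|IpAddress)\s+(\"[^\"]*\"|'[^']*'|[^\s;|&]+)"
)
# Exclusions can also be written straight to the registry (reg.exe, a script or
# an API call), which never touches the cmdlet at all.
REG_EXCL_RE = re.compile(r"(?i)Windows Defender\\Exclusions\\(Paths|Extensions|Processes)")


def decode_encoded_command(cmdline):
    """Return cmdline plus the decoded text of any -EncodedCommand argument."""
    out = cmdline
    for m in ENC_RE.finditer(cmdline):
        try:
            out += "\n" + base64.b64decode(m.group(1)).decode("utf-16-le")
        except (ValueError, UnicodeDecodeError):
            pass  # not base64 / not UTF-16LE: keep scanning the raw command line
    return out


def find_defender_exclusions(cmdline):
    """Return (kind, value) pairs for every Defender exclusion a command line adds."""
    text = decode_encoded_command(cmdline)
    found = []
    for stmt in re.split(r"[;\n]", text):
        if not MP_STMT_RE.search(stmt):
            continue
        for kind, raw in EXCL_PARAM_RE.findall(stmt):
            for value in raw.strip("\"'").split(","):  # -ExclusionExtension exe,dll
                value = value.strip().strip("\"'")
                if value:
                    found.append((kind.lower(), value))
    for m in REG_EXCL_RE.finditer(text):
        found.append(("registry:" + m.group(1).lower(), m.group(0)))
    return found


def scan_process_events(events):
    """Alert on process-creation events (Sysmon EID 1 style dicts) that add exclusions."""
    alerts = []
    for ev in events:
        exclusions = find_defender_exclusions(ev.get("CommandLine", ""))
        if exclusions:
            alerts.append({
                "image": ev.get("Image"),
                "parent": ev.get("ParentImage"),
                "exclusions": exclusions,
            })
    return alerts


# Constructed events: assumed paths and parent names, not taken from the report.
_ENCODED = base64.b64encode(
    r"Add-MpPreference -ExclusionPath 'C:\ProgramData\Update'".encode("utf-16-le")
).decode()

SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -Command Get-MpPreference"},            # benign
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\victim\Downloads\Launcher.exe",
     "CommandLine": r'powershell.exe -Command "Add-MpPreference -ExclusionExtension exe,dll; '
                    r'Add-MpPreference -ExclusionPath C:\Users\victim\AppData\Local\Temp; '
                    r'Add-MpPreference -ExclusionProcess Launcher.exe"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Users\victim\Downloads\Launcher.exe",
     "CommandLine": "powershell.exe -NoProfile -enc " + _ENCODED},         # encoded variant
    {"Image": r"C:\Windows\System32\reg.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'reg.exe add "HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths" '
                    r'/v C:\Temp\stage /t REG_DWORD /d 0'},                 # registry route
]

if __name__ == "__main__":
    for alert in scan_process_events(SAMPLE_EVENTS):
        print(alert["parent"], "->", alert["exclusions"])
```

Matching on the parent process is what turns this from a noisy admin-activity rule into a stealer detection: a PowerShell child of an unsigned binary in Downloads adding an exclusion for its own path and process name is the Umbral pattern. Command-line matching is a floor, not a ceiling: PowerShell also accepts abbreviated parameter names, splatting and the MSFT_MpPreference WMI class, so pair this with Defender's own event log entries for exclusion changes and with Tamper Protection, which blocks the cmdlet route outright.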

MITRE ATT&CK Enterprise v15

Tasks