umbral

General

Target

Complex Tournament Softaim Cracked.zip
Size

183KB
Sample

240629-vd8x8s1fqg
MD5

02d29e806f02e22f2d274d90eea8ac1e
SHA1

4e148ee958507d4c95c6c2bfc6e1b06a9247abd8
SHA256

b9d84636a9359f58b03287d8e8db195c45d6557b02f657073144707db483f001
SHA512

fe7fd15a84a5dbcce5c7bb50af4e027da20d5894ffcc7aecebdea5e103197bb65b1651cca155f2157e499b6d2cde567af40ad41a9f7d4eccb53ada066b32f0d4
SSDEEP

3072:zOQzoglORysSkUoqxqwbdORjBTMRp7mLo2GJCUSwvzFV7W5ION99T3BN9xQC+glx:1qysfXqxRORpqmLoFJpXbFhWR99TBNj3

Score

10^/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1159859843717402645/rPr6nWXT3yXsIfoH38ZYpVO7dm40ImyIWNe39st7RgX7PaKdVbLCSDliBS9sRNMEmXMk

Targets

- Target
  
  CheatLoader.DLL
- Size
  
  65KB
- MD5
  
  cea842e7e40b63e64888f71901779aa7
- SHA1
  
  d46126847457934a3f50f972f26db9acae9bfe4a
- SHA256
  
  0cb539002f237d37884e40e3bc26f18b68f4249ff72860386376235061426c0f
- SHA512
  
  9bd35b802e6b3214536580e84fd14a5d324239b2d128c8125e1df88ea7922d9f6cadbf8f766b92fade0915f2c05fe05e111c56bf0622bdd2535b6f632839a79a
- SSDEEP
  
  1536:aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC:n
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Complex Softaim Cracked.exe
- Size
  
  293KB
- MD5
  
  6dad101a84200598ebab60f17bee37a4
- SHA1
  
  41e48f77329c1ce4cf165de9008bdf790af6947a
- SHA256
  
  174e2a9c2a37b2650d9a10421b880572cbd5a87440eb77b85398be00c2228a24
- SHA512
  
  00cbe80d83c8512dfa474f1c6e7bd85f8207748cb1ffc2c3cfa3a28cc551096add77af722283557e8cdc398d0bc9c551d0f9f0d19b6efb5356bc0e0611155201
- SSDEEP
  
  6144:GloZMFrIkd8g+EtXHkv/iD4UaIH+n9GuBk0dP6aPcQb8e1mviI:woZOL+EP8UaIH+n9GuBk0dP6aP1tI
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  DLL Injector.exe
- Size
  
  232KB
- MD5
  
  3e87aa76b31c95481d99fb7960ce96f4
- SHA1
  
  bcd61df3abd7245df27a250996138675b258f01e
- SHA256
  
  8c18bb102c70d83000ae6d6f784da47b86a78359b2e6edfbfe915cb16ccb9a2a
- SHA512
  
  574d79517027edd422d857272d8a14d751c0b64851e2bd0cf6a698a56284a0b17783a209d405d09542b4c3fc044af2b02304293d4522a169cde8da684350c6dc
- SSDEEP
  
  6144:8loZMLrIkd8g+EtXHkv/iD4rPS0pbhS6F6AxDeebfHb8e1mo5iH/:aoZ0L+EP8rPS0pbhS6F6AxDeebLGH/
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral5 behavioral6