General
-
Target
ElectricLauncher.7z
-
Size
51.5MB
-
Sample
240702-rc5bwazdmm
-
MD5
cdb5e0ea8a50e1ed5e80f2fc70883550
-
SHA1
b5075928e63a609ca7b61748a989de77fc092439
-
SHA256
01342213b45659a27b48f65b73b7043b84faba91ca8f80963560d824097e5ed1
-
SHA512
73fc72b19754f72ca6122c132851e2a7f95573d7f11a78ac01020a1fdd84e9fe54425de044814f517618224e6c9045ea1316b67f55976f19ae276fbc76e4e8b8
-
SSDEEP
786432:D1hq7lbHq0joZGThd/SLAqWBHK4A5ffZfewdfONYYGfXF6uIfrNaEU8ruVGwQeB+:DW9Hq0jy8hp9qW41ZWq3XF6S8rKB+
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1255446681881935924/gRYfgvy5PUJSvSEKVIBTwClcrDYNNTYWbdq4ABW28G1MgE8sEIvS9WFO0VdZkLKmw4gc
Targets
-
-
Target
ElectricLauncher.7z
-
Size
51.5MB
-
MD5
cdb5e0ea8a50e1ed5e80f2fc70883550
-
SHA1
b5075928e63a609ca7b61748a989de77fc092439
-
SHA256
01342213b45659a27b48f65b73b7043b84faba91ca8f80963560d824097e5ed1
-
SHA512
73fc72b19754f72ca6122c132851e2a7f95573d7f11a78ac01020a1fdd84e9fe54425de044814f517618224e6c9045ea1316b67f55976f19ae276fbc76e4e8b8
-
SSDEEP
786432:D1hq7lbHq0joZGThd/SLAqWBHK4A5ffZfewdfONYYGfXF6uIfrNaEU8ruVGwQeB+:DW9Hq0jy8hp9qW41ZWq3XF6S8rKB+
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-