Extracted

• • Target

    dead-payload.exe

  • Size

    254KB

  • MD5

    25a2522c3853f29cea7396fcd3e70c7c

  • SHA1

    188fced84fffb29a17ce8828ac90911665512386

  • SHA256

    6f79fb9f7c9883bc3151bd95bd88f6e0b3f86c4b0f536a8f099a55656d922766

  • SHA512

    3140244dafd52f55574eb18250c0b2710c1276b134ba0747d13e233501fbf7324f8d7b92080a94c6006a8983a190e9953f942e8cba1b1a79eb851608986512d4

  • SSDEEP

    6144:K4oZoAeVHPtHgTIAaZgCwDx7axHU0unC28ejI817:xoZyHPvWCwjXCsII

  Score

  10^/10

  umbralstealerexecutionspyware

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2