General

  • Target

    Fixer1.exe

  • Size

    229KB

  • Sample

    240710-ngb94svdlq

  • MD5

    c983a88386a45445f30fefba68596cb0

  • SHA1

    98448dca5a7d9d893148f361401260f600c082de

  • SHA256

    fff5e75a847e42b873cc8af76960e9ef47ff8e2f23055c52af4f304541440cec

  • SHA512

    d76a25f7f037aaf4e4a820836434d080d7fa7188afbbb7810c724ab8a4da13b88ac407c85d04b59074d6ab0f448879dfcc13d1e14f807fcb8ec16320da0a8ef9

  • SSDEEP

    6144:9loZM+rIkd8g+EtXHkv/iD4I/DAecjfUH1gevPeNtb8e1moBi:foZtL+EP8I/DAecjfUH1gevPenxY

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1245418252000297030/sohxyziMpQVyaeSEXBZZM0dc4NW8GkmWsUqGfGiHIlYs8Nm7PV5Y4S0Zww_h8eVLHDlX

Targets

    • Target

      Fixer1.exe

    • Size

      229KB

    • MD5

      c983a88386a45445f30fefba68596cb0

    • SHA1

      98448dca5a7d9d893148f361401260f600c082de

    • SHA256

      fff5e75a847e42b873cc8af76960e9ef47ff8e2f23055c52af4f304541440cec

    • SHA512

      d76a25f7f037aaf4e4a820836434d080d7fa7188afbbb7810c724ab8a4da13b88ac407c85d04b59074d6ab0f448879dfcc13d1e14f807fcb8ec16320da0a8ef9

    • SSDEEP

      6144:9loZM+rIkd8g+EtXHkv/iD4I/DAecjfUH1gevPeNtb8e1moBi:foZtL+EP8I/DAecjfUH1gevPenxY

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks