General

  • Target

    CsGo 2 Cheat.zip

  • Size

    93KB

  • Sample

    240715-cknxjawaqc

  • MD5

    a9685fd5412dfbf923ad847ea9bd53f0

  • SHA1

    f286fdd97aeb6da2356f6a11dacc2c6a715af555

  • SHA256

    529446272a00573d797941f1e6536647be16499be376133ac65899c97305903e

  • SHA512

    b8da61b7d4d531c6871afda8b80c00e00d69e9a43ec707dc501d63a9420525efb83d5cf90dada350fd5afc2e170130caf9c06d24b225acc0a534425f99845c75

  • SSDEEP

    1536:SCxtAfarbZxlSs7M3crllXTwvznFViXLr10C2zmuI8+xnVorZ7qBKHpLYR2F6ucw:SCESrbZxtDDwvzFVmLryCQmuI9VaH1gS

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1258602776821497898/Y--1ciAdpkakRd4oja4AeZEOO2J2ANndb5_rCtjmBXUuzDIavFbGBPyzIFM6JLG_j4Db
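The extracted C2 is a Discord webhook URL, so the whole URL (ID plus token) is the credential the stealer posts with. The script below is an added example for this report, not sandbox output or Umbral code: it parses webhook URLs out of a strings-style dump, decodes the creation timestamp from the webhook ID (Discord IDs are snowflakes; the assumed epoch and bit layout are Discord's documented ones) and renders a defanged form for sharing. SAMPLE_STRINGS is constructed around the webhook the report extracted; the code never contacts it.

```python
"""Turn the Discord webhook C2 from this report into shareable, pivotable IOCs.

Added example for this report, not sandbox output or Umbral code. It only
parses URL strings and never contacts the webhook. SAMPLE_STRINGS is a
constructed 'strings'-style dump containing the webhook the report extracted.
"""
import re
from datetime import datetime, timezone

# Discord IDs are snowflakes: bits 22 and up hold milliseconds since 2015-01-01T00:00:00Z.
DISCORD_EPOCH_MS = 1420070400000

# Hostnames Discord has served the webhook API on; the token is URL-safe characters only.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]+)"
)

# Constructed dump: two filler strings around the webhook URL from this report.
SAMPLE_STRINGS = """\
System.Net.Http.HttpClient
https://discord.com/api/webhooks/1258602776821497898/Y--1ciAdpkakRd4oja4AeZEOO2J2ANndb5_rCtjmBXUuzDIavFbGBPyzIFM6JLG_j4Db
Content-Type: application/json
"""


def snowflake_to_utc(snowflake):
    """Creation time encoded in a Discord snowflake, as an ISO-8601 UTC string."""
    ms = (int(snowflake) >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def defang(url):
    """Render a URL so it cannot be clicked or auto-linked in a report."""
    scheme, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return f"{scheme.replace('http', 'hxxp')}://{host.replace('.', '[.]')}/{path}"


def extract_webhooks(text):
    """Pull every Discord webhook URL out of a string dump and decode its ID."""
    iocs = []
    for m in WEBHOOK_RE.finditer(text):
        iocs.append({
            "url": m.group(0),
            "defanged": defang(m.group(0)),
            "webhook_id": m.group("id"),
            "token": m.group("token"),
            "created_utc": snowflake_to_utc(m.group("id")),
        })
    return iocs


if __name__ == "__main__":
    for ioc in extract_webhooks(SAMPLE_STRINGS):
        print(ioc["defanged"], "id=" + ioc["webhook_id"], "created=" + ioc["created_utc"])
```

The webhook ID is the useful pivot: it stays constant across every sample built with the same stealer config, so it can be searched in other reports and in proxy logs, while the decoded creation time anchors when the operator set up this channel. Discord's API documents a token-authenticated DELETE on the webhook URL, which is how an abuse report or takedown invalidates it; until that happens, block the full path rather than discord.com as a whole.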

Targets

    • Target

      CsGo 2 Cheat/undetek-v6.9.3.exe

    • Size

      230KB

    • MD5

      516758abff2f243a0cba24669f96c751

    • SHA1

      6a7dd5a986c4b213cb624212137b9132f0c4ef21

    • SHA256

      47c501095d9096a3c2837d2312f3c51b679964e2c40426e5f9a245b7b5b66939

    • SHA512

      7b254602e70075f02b3d19a2a8f669d4a8f5a0c1b5278fd2b4e154b3668d1cfea00da80984395a80da62c232e1b69320725992a14183642a579fb0b98c147162

    • SSDEEP

      6144:TloZM+rIkd8g+EtXHkv/iD4lvuPT5KyNv4ZL22jOjb8e1mYi:RoZtL+EP8lvuPT5KyNv4ZL22jg2

    • Detect Umbral payload

    • Umbral

      Umbral Stealer is an open-source modular stealer written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.
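The behaviours above (PowerShell adding Defender exclusions, a write under the Drivers directory, an external IP lookup, and egress to a Discord webhook) are each easy to express as a telemetry rule. The following is an added example, not sandbox or Umbral code: it runs four such rules over constructed EDR-style events. Only the webhook ID comes from this report; the Temp path, the hosts file path, the IP-echo hostname and the explorer.exe noise event are invented for the demo, and the ATT&CK technique IDs are my mapping, not the report's.

```python
"""Triage rules for the behaviours this report lists, run over constructed telemetry.

Added example for this report, not sandbox or Umbral code. SAMPLE_EVENTS is
constructed to resemble process-creation, file-write and HTTP records from an
EDR or sandbox; only the webhook ID is taken from the report.
"""
import re

# Defender tampering through PowerShell: exclusion parameters and Disable* switches
# of Add-MpPreference / Set-MpPreference.
MP_PREF_RE = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.I)
EXCLUSION_RE = re.compile(r"""-Exclusion(Path|Extension|Process)\s+['"]?([^'"\s]+)""", re.I)
DISABLE_RE = re.compile(r"-(Disable\w+)", re.I)

# Public IP-echo services commonly queried by stealers. Analyst-maintained list,
# not from the report, which only says "a legitimate IP lookup service".
IP_ECHO_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me", "ipinfo.io",
                 "checkip.amazonaws.com", "ip-api.com"}

DRIVERS_DIR = "c:\\windows\\system32\\drivers"


def _finding(rule, technique, evidence):
    return {"rule": rule, "technique": technique, "evidence": evidence}


def check_process(ev):
    """Flag PowerShell that adds Defender exclusions or flips Disable* switches."""
    image = ev.get("image", "").lower()
    cmd = ev.get("cmdline", "")
    if not image.endswith(("powershell.exe", "pwsh.exe")) or not MP_PREF_RE.search(cmd):
        return None
    exclusions = {}
    for kind, value in EXCLUSION_RE.findall(cmd):
        exclusions.setdefault(kind.capitalize(), []).append(value)
    disabled = DISABLE_RE.findall(cmd)
    if not exclusions and not disabled:
        return None
    return _finding("defender_exclusion", "T1562.001",
                    {"exclusions": exclusions, "disabled": disabled, "cmdline": cmd})


def check_file_write(ev):
    """Flag any write under the Drivers directory; no crisp ATT&CK mapping, so None."""
    path = ev.get("path", "")
    if path.lower().startswith(DRIVERS_DIR):
        return _finding("drivers_dir_write", None, {"path": path})
    return None


def check_http(ev):
    """Flag external-IP discovery and Discord webhook egress."""
    host = ev.get("host", "").lower()
    path = ev.get("path", "")
    if host in IP_ECHO_HOSTS:
        return _finding("external_ip_lookup", "T1016.001", {"host": host})
    if (host == "discord.com" or host.endswith(".discord.com")) and path.startswith("/api/webhooks/"):
        parts = path.split("/")
        webhook_id = parts[3] if len(parts) > 3 else ""
        return _finding("webhook_egress", "T1567.004",
                        {"host": host, "webhook_id": webhook_id, "method": ev.get("method", "")})
    return None


CHECKS = {"process": check_process, "file_write": check_file_write, "http": check_http}


def triage(events):
    """Run each event through the check for its type; findings come back in event order."""
    findings = []
    for ev in events:
        check = CHECKS.get(ev.get("type"))
        hit = check(ev) if check else None
        if hit:
            findings.append(hit)
    return findings


# Constructed telemetry; paths and hosts are invented, the webhook ID is from the report.
SAMPLE_EVENTS = [
    {"type": "process",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": ("powershell.exe -NoProfile -Command \"Add-MpPreference "
                 "-ExclusionPath 'C:\\Users\\victim\\AppData\\Local\\Temp' "
                 "-ExclusionExtension '.exe' -ExclusionProcess 'undetek-v6.9.3.exe'\"")},
    {"type": "file_write", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"type": "http", "method": "GET", "host": "api.ipify.org", "path": "/"},
    {"type": "http", "method": "POST", "host": "discord.com",
     "path": "/api/webhooks/1258602776821497898/REDACTED-TOKEN"},
    {"type": "process", "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f["rule"], f["technique"], f["evidence"])
```

The exclusion rule is the one worth tuning first: the exclusion values it captures tell you what the stealer wanted hidden (its own drop path and process name), and on a real host you confirm the damage with Get-MpPreference and reverse it with Remove-MpPreference before trusting any later Defender verdict. The IP-echo and Drivers-directory rules are noisy on their own and belong in a scoring pipeline rather than as standalone alerts.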

MITRE ATT&CK Enterprise v15

Tasks