General

  • Target

    FATALITY crack.rar

  • Size

    262KB

  • Sample

    240723-v3t6da1dpr

  • MD5

    6f83d45a76075e0d66894de6864c72ff

  • SHA1

    b262629f4e7f66991cde84bf9eb3f09337f052c0

  • SHA256

    47cf91642bc874355d72f1c4f696bff16a21f797298a0e4a45627b48f8312f47

  • SHA512

    060c14339a57884f344e26dc41d7bf80d3d3568d74c34ad22b42d20435a78fe64782c62185751bdc53fe8cc4491ab846a91511bcc1d34b5d78e46500321275f5

  • SSDEEP

    6144:Dj7tyysf04LVGdE6q+/QYzwaXIkQo2zHmuCPA3ALTCl9OR4:DXTs8EVGC63/QYzw8iGuF3AabOy

Malware Config

Extracted

Family

xworm

C2

technology-various.gl.at.ply.gg:29919

Attributes

  • Install_directory

    %AppData%

  • install_file

    Windows Defender.exe

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1265055151446818938/8qlqTfX2kKSRcNCB_ui_biHNYYtoz-JAuCWgqM04dhYNoHnyDKjKpgi3chJusMHz6139

Targets

    • Target

      FATALITY crack.rar

    • Size

      262KB

    • MD5

      6f83d45a76075e0d66894de6864c72ff

    • SHA1

      b262629f4e7f66991cde84bf9eb3f09337f052c0

    • SHA256

      47cf91642bc874355d72f1c4f696bff16a21f797298a0e4a45627b48f8312f47

    • SHA512

      060c14339a57884f344e26dc41d7bf80d3d3568d74c34ad22b42d20435a78fe64782c62185751bdc53fe8cc4491ab846a91511bcc1d34b5d78e46500321275f5

    • SSDEEP

      6144:Dj7tyysf04LVGdE6q+/QYzwaXIkQo2zHmuCPA3ALTCl9OR4:DXTs8EVGC63/QYzw8iGuF3AabOy

    Score
    3/10

    • Target

      FATALITY crack/FATALITY.exe

    • Size

      528KB

    • MD5

      bbf3615f2a8a9b9bcddcbed8da9db09f

    • SHA1

      2d307ff6e7b8a94331f49c27605fe26de415c7d8

    • SHA256

      1885e517df6e315357016b5b0f96dedc86b58f5d163a20fa688dae41d3a7fb51

    • SHA512

      6f0b0c61a1b94c6725f925cdbb72baf834281100ae7f03892265cd584c29666a52aadadddbe3e5e4811c0151ce711f46fe16b1828a2a2ad2b56de4b3e3556acf

    • SSDEEP

      6144:70mlZXPQf8X0Xhm4LzKx/T5yQc9TyPJ1RAyAwjXIRydhoVJmnJZgSCq15P7nMalY:B2nhOxg9eCwjWydhoVKgSX1x7nluEG

    • Detect Umbral payload

    • Detect Xworm Payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      FATALITY crack/injector.dll

    • Size

      170KB

    • MD5

      2bdf6c2175922c0c7b8fc10b475171fe

    • SHA1

      d965953a56f441578ecf809e750f9dae722eeb22

    • SHA256

      3cf2bc9edea167b1d820352d6f98f1793a6f381a8de7e04f5ab1dc27811408f7

    • SHA512

      17458f631850dfd3bfd0f243b072741e2020a2e9f80e86a2aeced40742d5eba99447f646050c2c95090622e78c75505cae8aa8d09dc261c832e5b5d2e34f9b1b

    • SSDEEP

      768:Tdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd/:P

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks