General
-
Target
z1Proforma_invo.bat
-
Size
232KB
-
Sample
240724-qe5jzsxbqr
-
MD5
7ebd033260b1e54dff5afd7c6534cf33
-
SHA1
cfb7040938237156fa3795755c77eecd7957bc39
-
SHA256
e00bcdcd800b56caf0a0f25595a24631eacaaa1f3be35ba99e2e3af0f469ba9e
-
SHA512
18175d028e1a0541c3c3f8221173c4e9004a14a4642bf34c6cb7ec660facb74f5c91e5ee8d8677d833cc5fe6d067ea6cb40e641524d909056b8daedc21d2682f
-
SSDEEP
6144:FAWrhrgGAavaCnw8PaaEnyLzdyWEklez+3PDUi4WQZ5q:KWr5Mt+wezdTeK3LUi1QZM
Static task
static1
Behavioral task
behavioral1
Sample
z1Proforma_invo.bat
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
z1Proforma_invo.bat
Resource
win10v2004-20240709-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1263026563675455508/40rqdx690bYgnTu5DlgourQDtU8ZayQ2_Y8DutOY8G3wIW-x3nALBQHeaH44QkXBTtII
Targets
-
-
Target
z1Proforma_invo.bat
-
Size
232KB
-
MD5
7ebd033260b1e54dff5afd7c6534cf33
-
SHA1
cfb7040938237156fa3795755c77eecd7957bc39
-
SHA256
e00bcdcd800b56caf0a0f25595a24631eacaaa1f3be35ba99e2e3af0f469ba9e
-
SHA512
18175d028e1a0541c3c3f8221173c4e9004a14a4642bf34c6cb7ec660facb74f5c91e5ee8d8677d833cc5fe6d067ea6cb40e641524d909056b8daedc21d2682f
-
SSDEEP
6144:FAWrhrgGAavaCnw8PaaEnyLzdyWEklez+3PDUi4WQZ5q:KWr5Mt+wezdTeK3LUi1QZM
Score10/10-
Detect Umbral payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Blocklisted process makes network request
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-