General
- Target: Bootstrapper.rar
- Size: 82KB
- Sample: 240725-2ga9psygjl
- MD5: b6239313b2a348d25566bb26f261eea9
- SHA1: 1e88f30ad4fcdf76d67eba3da7800e2a4a1f2913
- SHA256: ca96eb38942e5c7f637142d52b2e8bcac496a4520b73dab10ae1ad313d79cbd3
- SHA512: d259cb05b1e62a25c6cace0dbee79de85a65516b7e63f6846df4bb11067f95cd90f092b1e5efca91dd6e6794cb39ab7025f6a51cab95a430a6da50781a8794ba
- SSDEEP: 1536:lPq7crTA5PU/GViK9dI3/N/rqqAE8bnjDbiHVoe8q3zO0hM/A20QDf:lCI2oGEId6/Mnj/i6jpiM/AYf
Behavioral task: behavioral1
- Sample: Bootstrapper.exe
- Resource: win7-20240708-en

Malware Config
Extracted: umbral
- https://discord.com/api/webhooks/1266158047521411174/7HstskM8QaROZPuijRHfx82NSHiKFwISRrGdP6nBOBuiOBLNEo87k87rhsgSKKjZ__79
Targets
- Target: Bootstrapper.exe
- Size: 231KB
- MD5: 76da32bccf3ded8acf92d025e19324e0
- SHA1: 3a9d9c6c68ec7ebfdc015b276bbc4d4e59f50a69
- SHA256: 1974381d4a09db47060411d723079fffc960ab922b54b20323d80a1dfeefe60b
- SHA512: 4f93c06348defd7f11c1db76ae0353ce73a0c743809f9efb675ca2caa0285ccbe21aedbe119f0f508ea8bcd8a62c5ad9f21536f6349c504f39d9648928c27bf9
- SSDEEP: 6144:xloZM+rIkd8g+EtXHkv/iD4DakxPlO2Zsc1niinRVb8e1mhi:DoZtL+EP8DakxPlO2Zsc1niin7T

- Detect Umbral payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, a web browser credential store.
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 1
- Credentials from Web Browsers: 1
- Unsecured Credentials: 1
- Credentials In Files: 1