Extracted

• • Target

    Bloxstrap.exe.exe

  • Size

    231KB

  • MD5

    36abf093e4e50d21988db5942dcceab7

  • SHA1

    86d06b38ea537d6ea3593628af634dc91350072f

  • SHA256

    37f50c45194e4dcf42f6ab6cbc4af6a62fa2ce9ea7c00f4a6e4077262d017c32

  • SHA512

    e4d22106e3d6650d8a508cf32f3dd796c6cc8586ffba143ede9f5eab468be01c660c2c25755fe4a8f1f5c9d6a2f589386844b51315e9a656072ce84ce4c867e7

  • SSDEEP

    6144:xloZM+rIkd8g+EtXHkv/iD40msHmZHMgP6u35EwFaXb8e1mki:DoZtL+EP809HmZHMgP6u35EwFQW

  Score

  10^/10

  umbralcredential_accessdiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2