General
-
Target
crackgroup.exe
-
Size
231KB
-
Sample
240804-n3grqayeqd
-
MD5
2d1b35b5d718c37ac6cf1daf74668c5c
-
SHA1
3db5006dbbb6cb3eb4a999823aebe3cd34e883f7
-
SHA256
0d40285ecea52026970582f409dc872e807b08bff8dae8d80586abb970561390
-
SHA512
118b13219915396427a2c25e1516cbe441ddad08cca0038ddb2a35967bb1ff2017fd6de554a95db68caf91119bee4076df61461ed35ceef8f8b0f07b5c930752
-
SSDEEP
6144:RloZMNrIkd8g+EtXHkv/iD48O94vFuW568VHCCHkqb8e1m8Mdi:joZmL+EP88O94vFuW568VHCCHrPM0
Behavioral task
behavioral1
Sample
crackgroup.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
crackgroup.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1269231535564001326/-DNI1DVGwiK_7lLyYmcI6Sv3019WqD3npLPhCO2Tq59p_TFJXb7iYY74NuLR9AOskph3
Targets
-
-
Target
crackgroup.exe
-
Size
231KB
-
MD5
2d1b35b5d718c37ac6cf1daf74668c5c
-
SHA1
3db5006dbbb6cb3eb4a999823aebe3cd34e883f7
-
SHA256
0d40285ecea52026970582f409dc872e807b08bff8dae8d80586abb970561390
-
SHA512
118b13219915396427a2c25e1516cbe441ddad08cca0038ddb2a35967bb1ff2017fd6de554a95db68caf91119bee4076df61461ed35ceef8f8b0f07b5c930752
-
SSDEEP
6144:RloZMNrIkd8g+EtXHkv/iD48O94vFuW568VHCCHkqb8e1m8Mdi:joZmL+EP88O94vFuW568VHCCHrPM0
Score10/10-
Detect Umbral payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-