General
-
Target
988e18df0a992354434f712880cc3fc7b2037392736138be3b8758bd889065fb
-
Size
80KB
-
Sample
240806-q5papavckc
-
MD5
9e423431f76b9c8bca70c52f24b114b6
-
SHA1
b708c68d85a0ccda3f2e6d003f6e79510b1d751f
-
SHA256
988e18df0a992354434f712880cc3fc7b2037392736138be3b8758bd889065fb
-
SHA512
911101f81acae115e19cd6d18e48470e508ebb28d2d890493419244c844d9da38b4241d3fc27b4013a57d74982d07d2be28742f1ef27a3e2de826ae2b598408b
-
SSDEEP
1536:iEeuZoNt1RLvd2p4z7vQyxt19+8eeZfh/qz9jxbFjk8pn:iKiDvd2gvQyj199niz9jxBj7
Behavioral task
behavioral1
Sample
Cheat.exe
Resource
win7-20240704-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1269544483859599445/e2idHKRsjakk7thlYC4A6RFw8GsohFMmJRGGfCEcDvdxIcB5zC8g3vIMNBfMP0varopk
Targets
-
-
Target
Cheat.exe
-
Size
229KB
-
MD5
57b52820e80bbf21cb91858308b64a43
-
SHA1
681de078a2bab05ff51d6b211a6136cd0a4cf5c5
-
SHA256
cad17c73e90686eee88e8e73039d69d0969a544a20d324cb30efe4849bf22be2
-
SHA512
981daa6346b6887d92fc77e865a9de661ebdf5216cca2c05a2817b28833a02a07ae5c64d181990dd0d86971e740a44e709b058a50cbef146066e00bce6628454
-
SSDEEP
6144:tloZMcrIkd8g+EtXHkv/iD49XVt8il92+De8NhoMi2b8e1m4ohi:voZrL+EP89XVt8il92+De8NhoQG4
-
Detect Umbral payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Deletes itself
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1