General
Target: test.exe
Size: 97KB
Sample: 240809-m5zjwazdmk
MD5: 76e3b500026a13b38f9f898f54db8d38
SHA1: 25a2c9fac994627ad49067f132ee0d320025f23b
SHA256: 0996384cead0e1be85b7c15efc3db74bed7cef7513766d0ec8bf5026274ea6a5
SHA512: 15e974221e1da794fae0abc4f3e4c1c67631b3bc0b4a95df4bb31912de5831d9470b90217e90d347ceab8a5a0623663fe99d9be27155598408f009a3b5fd4f93
SSDEEP: 1536:r7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIf/wTA+J/pOg:n7DhdC6kzWypvaQ0FxyNTBf/Q

Static task: static1
Behavioral task: behavioral1
  Sample: test.exe
  Resource: win7-20240708-en
Malware Config

Targets
Target: test.exe
- Detect Umbral payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access or copy of web browser credential store.
- Blocklisted process makes network request
- Download via BitsAdmin
- Downloads MZ/PE file
- Drops file in Drivers directory
- Possible privilege escalation attempt
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Sets desktop wallpaper using registry
MITRE ATT&CK Enterprise v15
Defense Evasion
- BITS Jobs (1)
- File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Modify Registry (1)