General
-
Target
https://gofile.io/d/ccMNId
-
Sample
240812-29ccga1ckc
Score
10/10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://gofile.io/d/ccMNId
Resource
win10v2004-20240802-en
windows10-2004-x64
19 signatures
1800 seconds
Malware Config
Targets
-
-
Target
https://gofile.io/d/ccMNId
Score10/10-
Detect Umbral payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-