Extracted

• • Target

    Katana Cod/KatanaBeta.exe

  • Size

    229KB

  • MD5

    f6f744441dfded289e9f80124b42cd7b

  • SHA1

    e097b009936023a9f7672bc1fb956ad45a07e9ad

  • SHA256

    a6691d55b146c79be7721277050c0f6c11130fa826cda7d78a4d529afefe3221

  • SHA512

    4cfec12b594cad710954dc25dee05b185c4917640d6ccd3778487a40ee73b0d08bc7cdd8787b2a9d331783d3de9d52535f8ed73b82a2de22331e4b81b49b1e6d

  • SSDEEP

    6144:FloZM3fsXtioRkts/cnnK6cMl8Eru0ad1+t7mEl5Q77b8e1mCSni:HoZ1tlRk83Ml8Eru0ad1+t7mEl5QTQi

  Score

  10^/10

  umbralcredential_accessdiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1

• • Target

    Katana Cod/Key.bat

  • Size

    170B

  • MD5

    2764b21ad2de14120c5112b2c1f6dc86

  • SHA1

    b8abe759e209d15a680e2489b92b09e459eeb78d

  • SHA256

    dac55f22844c85a10ba5e31c7d8bb4736006c95ebaa40a8ec1170949825b971f

  • SHA512

    efbc9f35ccb1e2f075f18750bf250d2223a50f6a164cfd1781197e3eec171d945e8c3854608df0281eca2bc55e8901d5f81761841d5f78e66e04f9a8a1c3d428

  Score

  1^/10
  behavioral2