Extracted

• • Target

    rnZ46.scr.exe

  • Size

    227KB

  • MD5

    fe415b65db443f8d7e3aa075d79b4a72

  • SHA1

    71fa4604b053ac55c7afa5a2d87ea0bcf8d0a116

  • SHA256

    0bb64c9c095b99117d8250f97cda9a257985ce3ba6b5891796c7ece426b61ed0

  • SHA512

    dc715d2c938f22446f155afa615adbee775eb7abdc688b204037eccadd435490be3ab0fe6b2a9d493cb357de5730e864ffb842c42dc3051671a7fbc9a9117fb8

  • SSDEEP

    6144:+loZM9rIkd8g+EtXHkv/iD4W9YhFzQEbmCzFQMpi+b8e1mSPi:ooZOL+EP8W9YhFzQEbmCzFQMp9Pa

  Score

  10^/10

  umbralcredential_accessdiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2