General
Target: 57725f9d6fe867414481c9174b761df1.bin
Size: 89KB
Sample: 240822-bqgjzavdkq
MD5: 8410c6f78da6ff5f4241695833d74991
SHA1: 62c975febf1cfe3b032f8e136912ba44d6f5fe2f
SHA256: a578f68e62faffd324cdbcd73e781c8c2c4976a0c6d6048f4b4692527310e608
SHA512: e01da0d0885e5ba9901b595d15201c0101eac90d3a49c84ac5aa40cde040a30bd0a6cfe695e617d1f09960bd6a47a1dab49638fd4ed08efb3bc50e7e8bdfbae7
SSDEEP: 1536:60dvJDXSAxE5WUh67GBva2yVJsIT/cFF2KyBBo09M7BXTT2WLN7aQQNbKk9UKuiF:6wJD/Ey75F4YB+VTTbZunb3Udiu+
Behavioral task: behavioral1
Sample: f29f169e410ccc847f78e8df47006a45025ba10f0d517629f80ad73995d614fd.exe
Resource: win7-20240708-en

Malware Config
Extracted
Family: umbral
Webhook URL: https://discord.com/api/webhooks/1275486097744597052/DtRIVGRXq9EbCOLuFG54p-sV2rFhTNQaPmROPZ12uQi4zP31iRoNPEVEdATCJBi9SiEL
Targets
Target: f29f169e410ccc847f78e8df47006a45025ba10f0d517629f80ad73995d614fd.exe
Size: 227KB
MD5: 57725f9d6fe867414481c9174b761df1
SHA1: 498f57a097747aa80a83a2927a74d96c007028c6
SHA256: f29f169e410ccc847f78e8df47006a45025ba10f0d517629f80ad73995d614fd
SHA512: 28de892b39cfb8e534c8bec5c2a8f277adb006499930fc6cf00251b5f157033d856dcb41dbc80375a61dc7ffe9eb109e1e00cbc42972b2202f8348daac7b6586
SSDEEP: 6144:+loZM9rIkd8g+EtXHkv/iD4UcHZLxCqVUQhTuOLdG2Hb8e1mB1i:ooZOL+EP8UcHZLxCqVUQhTuOLd9Ec
- Detect Umbral payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious access to, or copying of, the web browser credential store.
- Drops file in Drivers directory
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
- Credentials from Web Browsers (1)
- Unsecured Credentials (1)
- Credentials In Files (1)