General

  • Target

    57725f9d6fe867414481c9174b761df1.bin

  • Size

    89KB

  • Sample

    240822-bqgjzavdkq

  • MD5

    8410c6f78da6ff5f4241695833d74991

  • SHA1

    62c975febf1cfe3b032f8e136912ba44d6f5fe2f

  • SHA256

    a578f68e62faffd324cdbcd73e781c8c2c4976a0c6d6048f4b4692527310e608

  • SHA512

    e01da0d0885e5ba9901b595d15201c0101eac90d3a49c84ac5aa40cde040a30bd0a6cfe695e617d1f09960bd6a47a1dab49638fd4ed08efb3bc50e7e8bdfbae7

  • SSDEEP

    1536:60dvJDXSAxE5WUh67GBva2yVJsIT/cFF2KyBBo09M7BXTT2WLN7aQQNbKk9UKuiF:6wJD/Ey75F4YB+VTTbZunb3Udiu+

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1275486097744597052/DtRIVGRXq9EbCOLuFG54p-sV2rFhTNQaPmROPZ12uQi4zP31iRoNPEVEdATCJBi9SiEL

Targets

    • Target

      f29f169e410ccc847f78e8df47006a45025ba10f0d517629f80ad73995d614fd.exe

    • Size

      227KB

    • MD5

      57725f9d6fe867414481c9174b761df1

    • SHA1

      498f57a097747aa80a83a2927a74d96c007028c6

    • SHA256

      f29f169e410ccc847f78e8df47006a45025ba10f0d517629f80ad73995d614fd

    • SHA512

      28de892b39cfb8e534c8bec5c2a8f277adb006499930fc6cf00251b5f157033d856dcb41dbc80375a61dc7ffe9eb109e1e00cbc42972b2202f8348daac7b6586

    • SSDEEP

      6144:+loZM9rIkd8g+EtXHkv/iD4UcHZLxCqVUQhTuOLdG2Hb8e1mB1i:ooZOL+EP8UcHZLxCqVUQhTuOLd9Ec

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks
