Extracted

• • Target

    lol.exe

  • Size

    229KB

  • MD5

    ea031754ac9fe28dbc0c5915cb638e44

  • SHA1

    14b2c7b94aefdfc911e26fc5deb6eb8b6d7c0aed

  • SHA256

    cfb7119e9b1eea0c3f511fb51952399c3f10edb91e12030e49a30172b0510e7e

  • SHA512

    39a0790b3bae0862b1ba87bd6d1165694ba09cfa5104935e00ebaa13924699b2efba92ee6e744d3d820a9c05f80fa41fa1649498dce8f430835e8c6e813c25bb

  • SSDEEP

    6144:9loZM9rIkd8g+EtXHkv/iD4RugVzZqStvY5rWWDFZb8e1m7i:foZOL+EP8RugVzZqStvY5rWWD3V

  Score

  10^/10

  umbralcredential_accessdiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2