General
-
Target
Fatality.exe
-
Size
231KB
-
Sample
240826-xb7y9szhpr
-
MD5
2a9d5da0bb69d53e1b68178bc63e9390
-
SHA1
b1170f7ca36ea613188a272dc8ff8720a586de3a
-
SHA256
b575e722311556b67bc4f2ff77470063e5453e8f9952ddcd33afec9bdefc3902
-
SHA512
372288f96c8d39cba9529e7c44ce4b083eddf50dc3c3317b7b97c02d07018cdc2e0913da3e8309d548f80d68c95b9dd65e4febd4d7ca3b4d6a8df3360cf6aca3
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4ZvHYe5xypXKYZd8ZC6lY8e1mGi:joZtL+EP8pHYe5xypXKYZd8dk2
Behavioral task
behavioral1
Sample
Fatality.exe
Resource
win7-20240708-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1270399724431867935/HjClfkOVqhZa8ElKgkYuPRyoXVGf7yB2AqieOsUFaDEyif-Oe__Dw5TFjFKt_Mc4n-Dr
Targets
-
-
Target
Fatality.exe
-
Size
231KB
-
MD5
2a9d5da0bb69d53e1b68178bc63e9390
-
SHA1
b1170f7ca36ea613188a272dc8ff8720a586de3a
-
SHA256
b575e722311556b67bc4f2ff77470063e5453e8f9952ddcd33afec9bdefc3902
-
SHA512
372288f96c8d39cba9529e7c44ce4b083eddf50dc3c3317b7b97c02d07018cdc2e0913da3e8309d548f80d68c95b9dd65e4febd4d7ca3b4d6a8df3360cf6aca3
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD4ZvHYe5xypXKYZd8ZC6lY8e1mGi:joZtL+EP8pHYe5xypXKYZd8dk2
-
Detect Umbral payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Deletes itself
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1