General
-
Target
435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
-
Size
231KB
-
Sample
240919-kggcaazeqm
-
MD5
3b915b9bbc5ddf429f85bf939febe424
-
SHA1
2278baaf3764a27bc962de75601f4d49b2191592
-
SHA256
435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
-
SHA512
d83341bf784bed732bf120299824ea066f66f505b6dd0fb0b84396af34877a1ba0c483c805835179be2463dd34503b31260035e78f47ca1396305f60f2be50ed
-
SSDEEP
6144:xloZM+rIkd8g+EtXHkv/iD4LmfzMOsTPkPFQu//OPub8e1mt6i:DoZtL+EP8LwzMOsTPkPFQu//OKO/
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1285740646597922817/JzkdWV_susRrZmH9kMV_cDF9XoYZDy-wrySe9jVqGNwW3dOIhx6NW9DtmzGED4W8cpWh
Targets
-
-
Target
435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
-
Size
231KB
-
MD5
3b915b9bbc5ddf429f85bf939febe424
-
SHA1
2278baaf3764a27bc962de75601f4d49b2191592
-
SHA256
435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
-
SHA512
d83341bf784bed732bf120299824ea066f66f505b6dd0fb0b84396af34877a1ba0c483c805835179be2463dd34503b31260035e78f47ca1396305f60f2be50ed
-
SSDEEP
6144:xloZM+rIkd8g+EtXHkv/iD4LmfzMOsTPkPFQu//OPub8e1mt6i:DoZtL+EP8LwzMOsTPkPFQu//OKO/
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Drops file in Drivers directory
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1