General
-
Target
18a0a32340d190a5b8c803fa84bae012a4a6f8c89ef228a74e40c7edd89b343bN
-
Size
1.4MB
-
Sample
240920-3rm7pavfmq
-
MD5
ce100b5ae4fe05c8fd8f44f7ad9f4b40
-
SHA1
19a77380a68da11304c9ba7c1048f7257ba4951f
-
SHA256
18a0a32340d190a5b8c803fa84bae012a4a6f8c89ef228a74e40c7edd89b343b
-
SHA512
b19f7cd1b558ef7f598adb84726c94c885696c31efdbd981d07df17b908cb23fd7098b6f8f622d584033b55dba1d264f68a734e60bd81cb5d3f5600a542652ca
-
SSDEEP
24576:6DiGBKBipGMOU5lRBixlkBg0BLchDLtVVi/FpPwgX2YVC0/xaTO3O:OiGBKBipGMOUXRBi4tuFtjCxB80/xP
Malware Config
Targets
-
-
Target
18a0a32340d190a5b8c803fa84bae012a4a6f8c89ef228a74e40c7edd89b343bN
-
Size
1.4MB
-
MD5
ce100b5ae4fe05c8fd8f44f7ad9f4b40
-
SHA1
19a77380a68da11304c9ba7c1048f7257ba4951f
-
SHA256
18a0a32340d190a5b8c803fa84bae012a4a6f8c89ef228a74e40c7edd89b343b
-
SHA512
b19f7cd1b558ef7f598adb84726c94c885696c31efdbd981d07df17b908cb23fd7098b6f8f622d584033b55dba1d264f68a734e60bd81cb5d3f5600a542652ca
-
SSDEEP
24576:6DiGBKBipGMOU5lRBixlkBg0BLchDLtVVi/FpPwgX2YVC0/xaTO3O:OiGBKBipGMOUXRBi4tuFtjCxB80/xP
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Drops file in Drivers directory
-
Drops startup file
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-