General
- Target: freerobux.exe
- Size: 229KB
- Sample: 240924-yh7shsverh
- MD5: b994081ca7787fdf253902e28c1a5c47
- SHA1: 91c30f314dda937fac7b5133c4f378e6c2cd47ff
- SHA256: 429170a034f165b7b9223205b04482ba8b1cc5582f9344bf70123c7e7e8e4c3e
- SHA512: 17b80c2325c0e900fa1a2c026d8eba0c3985ce27bb71c4f226a6d52a3f0122e4ad969fb163d75ec435169ea12c8b9538777986ab2dc498e5529d94ce20d019d4
- SSDEEP: 6144:FloZMArIkd8g+EtXHkv/iD4vWEs9rI8jP67NokR37b8e1mAi:HoZHL+EP8vWEs9rI8jP67NokRv+
Behavioral task
- behavioral1
  - Sample: freerobux.exe
  - Resource: win7-20240708-en

Malware Config
- Extracted: umbral
  - https://discord.com/api/webhooks/1288224776254394470/iP_c6Ebotsq_Xeu-hSVUeaYBh05AwT2JFnXZ2GC6swyPaRqktRcnaOFbF_r6DJCA2gOd
Targets
- Target: freerobux.exe
- Detect Umbral payload
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Drops file in Drivers directory
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.