Extracted

• • Target

    IPINFO.exe

  • Size

    231KB

  • MD5

    abfb56d4a8d6c13c0e2c3c9e43a0b778

  • SHA1

    b4a65f6ee69b61667444dea6ebdec7be5ef6f33f

  • SHA256

    f378696e692b4e4aef30f2476083c71fac866586440c60d77bc3d4849c7ff5f7

  • SHA512

    60784c9f40487e5ae8dd8695545f3027adc848325f6e82b16a41f94122d595b0a1138934795eac271893a17300ace0a5e960fb2de22583ad9be91746f57b443e

  • SSDEEP

    6144:RloZMNrIkd8g+EtXHkv/iD4tFQxw2xpa3PyAxVkHRb8e1mfi:joZmL+EP8tFQxw2xpa3PyAxVkJN

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2