Extracted

• • Target

    фambral.exe

  • Size

    227KB

  • MD5

    6e13e79e84c2222a4f601af974a38f45

  • SHA1

    1653fa8feb0e8c2b9230c0c9fe0da9dc33d1b1fc

  • SHA256

    b4a7f642b99b55cd0a4d0f853404c74e3a56a7d8ebdd2cc2548f3c3aafe201fd

  • SHA512

    5046475acd8bff206583c99c260b5d182ebe794d6656a3e146583d6cc4ac64f47ec0ef7d6520111c0e58ff8428b155afb19bfc5625ddc075276324f1424037a4

  • SSDEEP

    6144:+loZMUrIkd8g+EtXHkv/iD4/wbM4+ZRSh3q459cr6Gb8e1mSi:ooZrL+EP8/wbM4+ZRSh3q459cpA

  Score

  10^/10

  umbraldiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1