General
-
Target
MCFACODEGEN.rar
-
Size
1.2MB
-
Sample
241025-ntqy2ayelb
-
MD5
69e5611ea942cd21a757560655ccacf2
-
SHA1
0d2ad44df6dff58c89a6a9c3e6373c99e3b81bfa
-
SHA256
6f806a1b18c89c3a482ccfb2b525eae695e9ad7c533b4c503aa1c7f3c29fc71b
-
SHA512
51df06538b27c790fe900feff39a226238bec681311eed9ad1e40067010e2496da174f4b8bb91b89ecc96fd614977d94eb3971e9a8d422d19367d8df35168be3
-
SSDEEP
24576:NJYoATtIVUnKlWRgMe4xsebNjWjYckZUb1bD+G5A3vIcHP6qAG2eGs1Gb:PA5SUnmThzebNJZUbhKG5iAcv6qAGBy
Behavioral task
behavioral1
Sample
Bunifu.Licensing.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Bunifu.Licensing.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
CODEMCFA.exe
Resource
win7-20241010-en
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1298608602063437835/JyCfJN4kOZTYSMy3p7C0nzjwBZVeXN-s99bZmxGmhCwtA9ugQjsNEeKH7DXCeDl2AAko
Targets
-
-
Target
Bunifu.Licensing.dll
-
Size
1.3MB
-
MD5
2b2740e0c34a46de31cf9da8a75d77cf
-
SHA1
242324f1112e6387cda41686291b6e9a415eeb8c
-
SHA256
a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43
-
SHA512
605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40
-
SSDEEP
24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX
Score1/10 -
-
-
Target
CODEMCFA.exe
-
Size
231KB
-
MD5
9503a8b58a6162341186e7376beed76f
-
SHA1
1076edc775b7a770b4908ff8a961d6db50489ca0
-
SHA256
149e3d957ea166e513bfdf2152403b27e75ae5fe110bae79b2104fdab6f8f6b3
-
SHA512
f2f19b80e2d369c49d9dcc25fda842c28b31baca6f78528c2074591251a947e55978173ffc72f341fbb0959219470080ad59f2f7868661d903494a308e3a1f96
-
SSDEEP
6144:RloZM+rIkd8g+EtXHkv/iD48xntPlO2ZTc1niinND1b8e1mXKDi:joZtL+EP88xntPlO2ZTc1niinNZI5
-
Detect Umbral payload
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-