General

  • Target

    MCFACODEGEN.rar

  • Size

    1.2MB

  • Sample

    241025-ntqy2ayelb

  • MD5

    69e5611ea942cd21a757560655ccacf2

  • SHA1

    0d2ad44df6dff58c89a6a9c3e6373c99e3b81bfa

  • SHA256

    6f806a1b18c89c3a482ccfb2b525eae695e9ad7c533b4c503aa1c7f3c29fc71b

  • SHA512

    51df06538b27c790fe900feff39a226238bec681311eed9ad1e40067010e2496da174f4b8bb91b89ecc96fd614977d94eb3971e9a8d422d19367d8df35168be3

  • SSDEEP

    24576:NJYoATtIVUnKlWRgMe4xsebNjWjYckZUb1bD+G5A3vIcHP6qAG2eGs1Gb:PA5SUnmThzebNJZUbhKG5iAcv6qAGBy

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1298608602063437835/JyCfJN4kOZTYSMy3p7C0nzjwBZVeXN-s99bZmxGmhCwtA9ugQjsNEeKH7DXCeDl2AAko

Targets

    • Target

      Bunifu.Licensing.dll

    • Size

      1.3MB

    • MD5

      2b2740e0c34a46de31cf9da8a75d77cf

    • SHA1

      242324f1112e6387cda41686291b6e9a415eeb8c

    • SHA256

      a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43

    • SHA512

      605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40

    • SSDEEP

      24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX

    Score
    1/10
    • Target

      CODEMCFA.exe

    • Size

      231KB

    • MD5

      9503a8b58a6162341186e7376beed76f

    • SHA1

      1076edc775b7a770b4908ff8a961d6db50489ca0

    • SHA256

      149e3d957ea166e513bfdf2152403b27e75ae5fe110bae79b2104fdab6f8f6b3

    • SHA512

      f2f19b80e2d369c49d9dcc25fda842c28b31baca6f78528c2074591251a947e55978173ffc72f341fbb0959219470080ad59f2f7868661d903494a308e3a1f96

    • SSDEEP

      6144:RloZM+rIkd8g+EtXHkv/iD48xntPlO2ZTc1niinND1b8e1mXKDi:joZtL+EP88xntPlO2ZTc1niinNZI5

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks