General

  • Target

    Perm Spoofer.rar

  • Size

    6.6MB

  • Sample

    241026-vgxz5stqap

  • MD5

    97121a6787051462f7d5c87c89dabbb9

  • SHA1

    2642f892d1efe500c0745984d6b0542f823b39bc

  • SHA256

    b4b6f0ce548f5ec6207bf0f8350011f953ef5d4011ff288ef5e2e0376cc18ded

  • SHA512

    a28bb2a68d7c41f966634e23cac55833755de2b8ee60d505c775296b93b80d71c77ebbb7a3802997bcdbd0fbeb84bef795e9c775a87a6545e591abc1edafeeba

  • SSDEEP

    196608:yJG8vczhg0vXbvtYHmisBsRzQs+hDiQJsfOrwB:yHvczhRvBDsRzQsGbsOrwB

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1289681227711905882/4ls8QquqVGowr_EXsWQHgHYoYI53Bn36p04PP2sNUo6M6rTng5alXP6ABgXbGM7xSIBW

Targets

    • Target

      Perm Spoofer/Perm Spoofer.exe

    • Size

      2.4MB

    • MD5

      6d154933cb68c115a8c289e8ff8a6072

    • SHA1

      5a724bc8510a86b52d4303e537417e2317cc0286

    • SHA256

      459511219e3f82d6572fa398d3d67f5176bd91f2a9aa9f59e47070872751156e

    • SHA512

      6ee7896fb1beea2c02eb96e671b1027c1a5f61698a6a027814090f1054aad4765be09c68b37afbd40883f7ea5b09f1256ad91cf3b36076e017b76f3e9695ad14

    • SSDEEP

      24576:OKXQXDDJYjxsjehT2QotG/DchIVbQevFMlC/Whp72mZs+mnsz9CyWF4iK+6I/ChQ:OwQXDDJYV92QV/DH9tMY6sPXnwmn2j

    Score
    1/10
    • Target

      Perm Spoofer/brotlicommon.dll

    • Size

      134KB

    • MD5

      06b78499e47b2c93b613d555d613f766

    • SHA1

      617a65ac6b7e0a87532d321b3ccf6a1a6e03ae48

    • SHA256

      4bc96b5293deb2ec399f150b648d11582e50172409469e0bdcb1a2d7b4344841

    • SHA512

      dd7cdb5a385d102664c750ebc097057ddeaf554e5937f5eb66d444da68c792575ed678c1d1194566777bcf2a27062d656b3dcd0ac6daab95ba907a0cb5589ef4

    • SSDEEP

      3072:1Tk4lzbWhNbNL8DXGvVh73pbi0tdpvGJaoZB7PxBZw:1Tk4AhdNorGvHdbi09GJLw

    Score
    1/10
    • Target

      Perm Spoofer/brotlidec.dll

    • Size

      49KB

    • MD5

      2eebbc5aeea0483bd23b37821df77021

    • SHA1

      c1c81fa0e3ceb62950a61f4c2364fa3f68ae9709

    • SHA256

      7d0deb00e9ef1fe068e357196d3398adcdf1b747df68bfaf043dde13be3be67b

    • SHA512

      3ee60b7abe8a61971226f30529711e0600ce024198aacffa8536ab594bd014d26b22e0b6c9ac1f7e0c2feb94a3584a101c1548d7691214be0d652898ce87b305

    • SSDEEP

      768:iRc1dGuGMH5uA7Y9QkEQ6DD2m29HvyZazQxARbYs30ZzY1:i6Hn5hM91EQ6vF29HKyGY

    Score
    1/10
    • Target

      Perm Spoofer/bz2.dll

    • Size

      74KB

    • MD5

      4a8df49dc6f85ecd100d9602a000fc55

    • SHA1

      46124bc99360d23df7d11efc66779ee410d6f0f8

    • SHA256

      8c22c5a5525a58cf5ee30bab6a9c67bf1911ca6c162fca0fb6234918983bdac0

    • SHA512

      547434a05a2ec5ce752f44f56dbb56bc6cf88d9ccc4b1c3532c6d3b7586f8c6a204f6ecf2cb6002f7f5489a05615c09b349155d4f990cf8933ddf3c1c824492f

    • SSDEEP

      1536:q1uS1dcv95FBSQhLHNUgViZ/273Dd96lrDUXuepE8Gr:KkhHNJ8p2r8rWuepXu

    Score
    1/10
    • Target

      Perm Spoofer/cracked.exe

    • Size

      2.3MB

    • MD5

      3299b332914a579ba3bcd7d9776b426a

    • SHA1

      285e12334cc6c26bd3c4a8a302e58f13024e9af3

    • SHA256

      cd9ec5070f7245c4e4fec6cbfd6dfc5f6765a85d74c7d47656b8b8cb60259a30

    • SHA512

      367e70c601d1aadc3b6e9a07ce56bc3b696b1370eac6fa5d82be59022232fe3928baca109748d36e58a5da28e6f0f429926b1796ab13786e506d70a73f5965d3

    • SSDEEP

      49152:hMnpaiT1QY2Dp1F0fa3+Gf3WenWtn2jE:hDixQx/4M

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/ASUSPDF2.bat

    • Size

      1KB

    • MD5

      471cc43c13cb0d8919d28bb41eb5e23b

    • SHA1

      cfcf0ad3d6b529443e50fe8d74150ddf5548597c

    • SHA256

      42475a5efcf83ad7a824d3bebb7e66f21153209e7e8850d0d39164393a7bc608

    • SHA512

      243cf363d9556b4ce479cf5dfabf2e11bdeb4257b2c0db27032b4bd55295228cad16bd95189f9368cd409ab8fed7bbc8e9bc4194d71615c63ac04781ee41aa51

    Score
    5/10
    • Drops file in System32 directory

    • Target

      Perm Spoofer/dumped files/AsDeviceCheck.exe

    • Size

      377KB

    • MD5

      bb47a42ad91a3ec8c1daa68ef714ced3

    • SHA1

      63b2402c1718343c2082e8890290cfe9405f049d

    • SHA256

      bdb8595e4b84f6187ca2c6def98bc94a434c20badeabc2d415e17b720dc94222

    • SHA512

      58f18d5e04a236fb49aa07b859e13464aa7c822809c177c051a8f3937f4227e3ca8586614c1983a528b7ca59324728685a879711d13a70bbf2398a4fa4294806

    • SSDEEP

      6144:u0lLNvLmP/LgoYG5HViOlHH7qKPUcky2FpwhPa24UW3Plqr9hU0Rgr:lzmP/Lgk5HViOlHH7qKPfky2FpwhyV3j

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/AsDeviceChk.sys

    • Size

      36KB

    • MD5

      9accebd928a8926fecf317f53cd1c44e

    • SHA1

      d7d71135cc3cf7320f8e63cefb6298dd44e5b1d4

    • SHA256

      811e5d65df60dfb8c6e1713da708be16d9a13ef8dfcd1022d8d1dda52ed057b2

    • SHA512

      2563402cc8e1402d9ac3a76a72b7dab0baa4ecd03629cc350e7199c7e1e1da4000e665bd02ac3a75fd9883fa678b924c8b73d88d8c50bf9d2ae59254a057911e

    • SSDEEP

      768:cBOmh786zi+NqkO8Ouwn3uivOyiRZSFInq1os29zjTUD:cXi+NXwnecOyiaFInq1lCz+

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/AsusPDF.bat

    • Size

      105B

    • MD5

      2efd18c35acbc250a4acadae1e4c842c

    • SHA1

      5660ce7f4cf82ea2965d754abc091063035ddd6e

    • SHA256

      6e3bdbc7a5fbd8ec32f23d21b7c11ca701c7daab21504621b58d23129929ece5

    • SHA512

      cfeb970c55b02213138ec9d213100b516862523754b8bd09824e6b2fe0a271482484803a94728639ff514891fca8ca55b35d800bb88c8b316d0939651f930dc9

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/afuefix64.efi

    • Size

      682KB

    • MD5

      e4a02ec6ca1aed032ff936bb4ec25501

    • SHA1

      7221a9f33d9c6936077fd99bd3f51bc5692ff3b2

    • SHA256

      d33045e0f9c9edec05f7c7d568539d6e66209f9896538bf626b00c0b039dcf0f

    • SHA512

      46128b837f708a9cb36dbe455e091981ee5637154d2a10dcd78f2da149b651db66ced8c44dc76f2647916d933606d41f7a2c11e7d16f92f63b50f83028f74ddf

    • SSDEEP

      12288:wv9l8ql6Gq9LcMzkE9QK6gF6eaKSBS5XjRw/F:Ml8ql6t9LcMzkE9Q7goegBIjRw/F

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/amideefix64.efi

    • Size

      421KB

    • MD5

      f4a05af91088785685cb4e941aebfd52

    • SHA1

      cf3a129d60bd0fc7772706b44f3a4bd73825ebc9

    • SHA256

      a7635bda29cf344f0e9650c012a37f38eececfe1d199ac247d69ae4f34731be4

    • SHA512

      e61f182e540c4584d5db49cccc73283369519c3f9827522431306fb8d3e5c9c994901f494352b172720bf761833ddb966756c05e74d15a597a149f86bacda630

    • SSDEEP

      6144:k7fizs5ZPvWWDFLiebFhQahgu2Ogk2xOVLlEFsh:k7f3vjkuhg7OmxOV

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/bootx64.efi

    • Size

      941KB

    • MD5

      4692305d884feeaac0c22cb2fb94aa72

    • SHA1

      ff64c8245e9d775d76f0b0ff26c8ec548ff07a00

    • SHA256

      38d461a6debcda499a0660d11d051a68cc32fe459d4f370f77123b809a9286d3

    • SHA512

      40e0a4521f3fe7698ef24a64eda1ac1ecef78afcb69f4a0fbcf24641db95d7faf110c6afcabb955bc4078acabb5d9ca8dc35ada57f1f125eb6300f9aee672a04

    • SSDEEP

      12288:3ZMUTrc8WmOKIPk6n0W4jH2qD/tFA3o+3cBKNz:3ZMUTSmePk6n0PjH2e/tFvUNz

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/disk.bat

    • Size

      13KB

    • MD5

      0c345568b15f4163d3955388cfa615f4

    • SHA1

      069c7b499e8f68fb90d316d6114440ef762507d6

    • SHA256

      28dc4e8c24c16af0910f3542ec8ae12376e668e45ba310a7f25c87ab4bfb89e8

    • SHA512

      d4619bbb7bfeccf0bb3ea7259fec6a8324aadd544017ee0df0390339d112fd0ced6707d91fc5036faf2c4cbcc9326c4ba57befbbdf909c2306c109acdba6c543

    • SSDEEP

      192:dIo4yR9Y9A/r1/kMUnNLyCYSvGOqHQ28lh9YDpqWkSyt1ninmdKgZ:3xR9hjF/UnECROBClh9YDpDkSy3inlo

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Perm Spoofer/dumped files/fixserials.exe

    • Size

      229KB

    • MD5

      9252505656ab18c34d4ecff6a7f86263

    • SHA1

      dfa01cbe5c99fbf67a5063f99c67669382e43356

    • SHA256

      78da8433390c0aaf2e5f748ff266bacad23fe9d05b1834eabceeb6ad69859589

    • SHA512

      5e270de9982c3137c16e32fa4c88f9a414893c623fbcdd5cb2f3ff9bbf82eac82bb8d01100d60ea8633da875b36df39d657a9090e393d4fdf717575821bce8a5

    • SSDEEP

      6144:lloZMcrIkd8g+EtXHkv/iD4l6qZEKtFu9r20VJgU8b8e1mbDi:noZrL+EP8l6qZEKtFu9r20VJgZd

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Perm Spoofer/dumped files/iqvw64e.sys

    • Size

      3.2MB

    • MD5

      a67b478beb2166013bf4ae4de6527f6f

    • SHA1

      078ee9c300302b49f64d33b47f2cbc38575ea69c

    • SHA256

      efefd03984e131c6ab6f3a7ec6e47a0176f4bbc9ba59955c1fb81c0fb9735dc8

    • SHA512

      2a6bb7406f33a3fa935dbcbab2a8086f44d5046cd865c69ef8ff37bbc617871b56ffb0ecf2a8137e57b86a40e8c34fb43eaa9558ca4e52980595d369d00783e5

    • SSDEEP

      49152:192Aga0jmeUxVcw/8+Aa5qktTY82oIoTq+sNLAPLmrx7/F99CcpEnj1gpMLXH47L:Pga0jRCaCW6ndTqZoQjc5SpMIL

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/mac.bat

    • Size

      1KB

    • MD5

      707c798832f76eb383a0501b2773ec32

    • SHA1

      3ebd0413af9929109ea0eb0045a2d26a256e771f

    • SHA256

      940f3e68e62ad73c0668e854d821d88eacc8ea8fb8e130e42a34368ae9f5852e

    • SHA512

      13e92ef958cfcc5686a2886b4a011f2287ec261028db0c6816d738eb715490d69ca37f8232e7bb3bebd5d49ce65bf4b9f55ae12d4af056bf569e5a1dba2f3da9

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/tpmbypass.exe

    • Size

      361KB

    • MD5

      e52dbee99540de26acb3609e292fd608

    • SHA1

      025a222472b6a93bdcdccf3d65b4f7048de4da82

    • SHA256

      d45bf64f19b01d5fcd4cfd4428c58ee8ce6ea5a2d62c66bde89c54cb4ea13336

    • SHA512

      a334d28a4453de90e86dd670f3ca48fceaf3045f6f74a5d171e7eb1c905498bcd10a8a2acfbd06177a99501f313376fadf82f2b563310f63081d873326b97f9e

    • SSDEEP

      3072:DTqOQE9youE4btOFqghJdvNC5t+rgWeQnkiXPRizVBJm5jNs2l0hL4:NQ2ut0YkgWJkDm5jNs2la8

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/winxsrcsv64.EXE

    • Size

      379KB

    • MD5

      91a31f23f3e50bd0a722e605687aed1e

    • SHA1

      f56fa26aaccdd6eb3f1ea53f06674b01327cd7c4

    • SHA256

      818d6d87d0facc03354bf7b0748467cf61040031248ba8b46045ed9dbe4053d8

    • SHA512

      649ee112c0e9d0c63c199f0dee84332f915af336dd7ad0ff70cbd49cc148c832182ff748c67fe1dee958215ea4a095545d1a93fdeb90fbdeb6f98076b499aab0

    • SSDEEP

      6144:y0l5U6eUbNRNrOHh84pi8Y8ubTIlceF4knL7AL8tdwndOLv23+cr9JUPlJh:pyU5zOHy4pi8Y8ubTIlceF4knL7AmbvF

    Score
    1/10
    • Target

      Perm Spoofer/dumped files/winxsrcsv64.sys

    • Size

      26KB

    • MD5

      f900a6e8c788e1330f551783797af853

    • SHA1

      d927d601c19bc067d73f7aa265682354da6dac8e

    • SHA256

      71114f4521fc92abdfac7d7192f3b7e29fc42e9eadc9320d5a58c9b4432bd9e7

    • SHA512

      7c047457631c7af0a05bed8463934f5e761c50efa1b1a2e6a34d0eb27473113a88a9d2fc44a2027b2d5f67bea371ff8b0b906f7d5a208a546b7ee7265ea35f04

    • SSDEEP

      768:MBOmh786zi+NqkO8OuwnpuGh8L3BY+s9zq:MXi+NXwnpsm+kzq

    Score
    1/10
    • Target

      Perm Spoofer/freetype.dll

    • Size

      673KB

    • MD5

      4d73b4331a9992e9a0bd61710602bf05

    • SHA1

      f08719d08d5188795c7e80995066f59b814faf2a

    • SHA256

      84c816e957c75ffc45f81ab906134a3ed78e3d2b345f9ee95ac5307d329ab66f

    • SHA512

      8d70376d25f7b171ed3fd20249f27d9b442bddea69e6baa821b16d35c91d7c85a77a34efc163308c603a0ec75b51dedb3a90b539566cb06e7707f6bc89827f1a

    • SSDEEP

      12288:zN3GS4H5liaMY5hSnzercgSIVPGH/UNeXOzH84KftYNG7fEWmYsxp:zN3GTHiaMY5hMCrc2Q8NFzciXZX

    Score
    1/10
    • Target

      Perm Spoofer/libpng16.dll

    • Size

      197KB

    • MD5

      6a2320c015d95b79bb1d9fc8c6be249a

    • SHA1

      445787d7a77cdb89bfc47f022d02b1b3c5616fe6

    • SHA256

      6ceece601fd403743eaa0b14522424f5a4a54d1220e016d787136ead766c4b67

    • SHA512

      130522aab7aa068a0a8a0b96a04ebd25f92dc0f3f4e490a02f832a29f6d872ee2afc171fa5ff384bc2a192d1d8b0f047983f978a7c0c0412c04f1494d65fddb6

    • SSDEEP

      3072:4oOAYGONJdu2AX/tO9XvpoWbxU6iLGmK4cVSQnqbdvZSg/kaVJC:4orEzu2AXgBoihcRWSWq9lkJ

    Score
    1/10
    • Target

      Perm Spoofer/non cracked.exe

    • Size

      2.3MB

    • MD5

      719c6e5d17a8efaeed249855aabffb8d

    • SHA1

      1ed4dc7bc5542b7dbcdf5f6545fbd959bcda44da

    • SHA256

      0d0a8748de8421e39979b46e45b162279db68af1d95e64fb184b0b397f796590

    • SHA512

      6afeb00328fccc035bad4039f270cb95d4d918e15c2c8cb34a1fa1667ab4069b31e3cff84c6cdc47b974a8a398d122e193ba189990ba740840cfbc98dd7db0b5

    • SSDEEP

      49152:hMnpaiT1QY2DpmF0fa3+Gf3Wenctn2jE:hrixQ4/CM

    Score
    1/10
    • Target

      Perm Spoofer/zlib1.dll

    • Size

      88KB

    • MD5

      fde9b1051b43062d3a3fa65e608c49d0

    • SHA1

      6b82c7d2384377ff4f1668d350e83f72d2672b6d

    • SHA256

      a9a06c6dc1017f129b9ca53a472c1965469ce900c57fdec90eecb8ed0f543933

    • SHA512

      c9534cd2833c2a6ee0c1731f9b545749835b1a547dec88ece28de3406f7b555f9f0ed947f09da690da91366b49862f9bd83177a5e84db2d43ece2679cd203251

    • SSDEEP

      1536:Jc9wKxbEwda1CzUbFfbpVxyRyxpGTlKALe6IOcIOZIySExo9ayi:GuKxbEwUEAhbprCOGT6ISZIBIo9u

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks