General

  • Target

    Nursultan.rar

  • Size

    107KB

  • Sample

    241108-pzecvs1qgz

  • MD5

    8595d1278d17ddd0975956ff13964abe

  • SHA1

    0ff59987a6053395248236ed0db5f581c765421e

  • SHA256

    4ad4d37a29ba252afce7fc4d0fd2f034ed1ec34b07e835189f0deeac96427c03

  • SHA512

    67ead5076c616b1b555da364b1984085f27944297f323ea615fe346f052bb6f5c7a5ab98925d3a2dda087d86242962a484030a153b15544fcd3fe7d5045678a2

  • SSDEEP

    3072:grbF5vtTi7uzI/HUY0uoKA1odo670CcuojlA:ibF5vdouzI/yQrdL0CcuUG

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1303346382320566364/NKw3SHRn53oFiPfzBhnGkM5DJDPNYfTopbE2xqInlxxGUx2Xeo3MNSDPrwfoElJVpQzF

Targets

    • Target

      Nursultan/NursultanCrack.exe

    • Size

      328KB

    • MD5

      4f7415acf4f5a898dd0ea6e7924137e2

    • SHA1

      13f5917af6bbf1f1f98633ac18532d8a43c2d92e

    • SHA256

      c182f999bccd715dd8dfd60b2c212ceaec08bad843ee95ecef3abf6230b7a447

    • SHA512

      eb903b09428f8ef8ba349a507a73627875096a4952ed768c640752b6bf1019a0ea1ca88246928055ba8591666de4dbfbf58bab65fc12e7544d013e13e838feb9

    • SSDEEP

      6144:iloZM+rIkd8g+EtXHkv/iD4CzaYSx6PTg8e1mHisxBt25:soZtL+EP8CzaYSj9sxBt

    Score
    10/10

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks