umbral | 0c4bbb21db8c983e9ae8e3c887cdd84bdc301b488d96305d1590baf61e770613 | Triage

Sharing

General

Target

fulloption-gg.exe
Size

8.2MB
Sample

241122-n3psbsznds
MD5

e706284bc99803ad33ff4ea3e7ba888c
SHA1

b8a7f0700cbbb8ab229fda7189287b4283442c13
SHA256

0c4bbb21db8c983e9ae8e3c887cdd84bdc301b488d96305d1590baf61e770613
SHA512

8def34539fa5923e4a6f960a126e0d6ae24cde1938d4ddc86103e77a50be332d77769ae0002a8415b0bf21b35321e8e3616e461db4bd19e8f92ec7f20f9535a3
SSDEEP

196608:PXy/hwuLIoBA1HeT39IigQh1ncKOVVtk7bUZtQ1NQPxtKh:f0aIq1+TtIiLv0VQ26uKh

Score

10^/10

umbral execution pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  fulloption-gg.exe
- Size
  
  8.2MB
- MD5
  
  e706284bc99803ad33ff4ea3e7ba888c
- SHA1
  
  b8a7f0700cbbb8ab229fda7189287b4283442c13
- SHA256
  
  0c4bbb21db8c983e9ae8e3c887cdd84bdc301b488d96305d1590baf61e770613
- SHA512
  
  8def34539fa5923e4a6f960a126e0d6ae24cde1938d4ddc86103e77a50be332d77769ae0002a8415b0bf21b35321e8e3616e461db4bd19e8f92ec7f20f9535a3
- SSDEEP
  
  196608:PXy/hwuLIoBA1HeT39IigQh1ncKOVVtk7bUZtQ1NQPxtKh:f0aIq1+TtIiLv0VQ26uKh
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

umbralexecutionspywarestealer