Extracted

• • Target

    b2bfd1500afcf35758914c882e9ced8eedd422f085eb6cb620438a92c70ef01b.exe

  • Size

    229KB

  • MD5

    63c8a7e1b6b7aceb3da5f2f6b0abc53a

  • SHA1

    957f75df411f22c1076838f331c14d5e6e08ee31

  • SHA256

    b2bfd1500afcf35758914c882e9ced8eedd422f085eb6cb620438a92c70ef01b

  • SHA512

    e260c30ece30075f5efd0753ff8c9073be033571fc99e830bb08a30e071fd643d0fa796a78778491fcfabe479d6f7bae995dc432ff2d00f3b91753144639132a

  • SSDEEP

    6144:9loZM+rIkd8g+EtXHkv/iD4giX9UgGhZq+fiQBFUuQb8e1mLucSUi4:foZtL+EP8gI9UgGhZq+fiQBFUT33d4

  Score

  10^/10

  umbraldiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Drops file in Drivers directory

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2