umbral

General

Target

Insta-Checker.rar
Size

12.5MB
Sample

241203-zvpyxazkbn
MD5

c864c6ebc454038b621f3bc8e7f95e39
SHA1

b1300ab696a8bbcf9b298b077a64dc9c009bd4b3
SHA256

964a54a737831c42dbd01e9dad0032ee2431cd67d3b2876efa10dd7362385388
SHA512

c42779e89a8e8d8249c2bf70aebdeae2d18a70e331db33a49396aae9ab27515c84b4879f228b8ca46070e3311616a0bacf5f24c272eb5017c2f396c351588ecf
SSDEEP

393216:j6FSmKUd1aoRX7gJ1blsrJh/WoKncv2TJdC:j6FsUdr7e1blIuoKncvaJdC

Score

10^/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1311853028680400957/msEao2pygwFSejk9GVaCuiS6YFPyMErZ4uLPA42C6h_TCBboJi6x98y5-EcCuL9UYch8

Targets

- Target
  
  Insta-Checker.rar
- Size
  
  12.5MB
- MD5
  
  c864c6ebc454038b621f3bc8e7f95e39
- SHA1
  
  b1300ab696a8bbcf9b298b077a64dc9c009bd4b3
- SHA256
  
  964a54a737831c42dbd01e9dad0032ee2431cd67d3b2876efa10dd7362385388
- SHA512
  
  c42779e89a8e8d8249c2bf70aebdeae2d18a70e331db33a49396aae9ab27515c84b4879f228b8ca46070e3311616a0bacf5f24c272eb5017c2f396c351588ecf
- SSDEEP
  
  393216:j6FSmKUd1aoRX7gJ1blsrJh/WoKncv2TJdC:j6FsUdr7e1blIuoKncvaJdC
Score

1^/10
behavioral1
- Target
  
  Insta-Checker/Data/Modules/instachecker.exe
- Size
  
  231KB
- MD5
  
  cec40612e64e3c8df04870610dafe7aa
- SHA1
  
  3a0fbfebe571c665e547bda8ec018817c2ae1094
- SHA256
  
  626257599554ffaf796d03057041b46b1b3ce07962be11f0c6c6bce82ef7ba43
- SHA512
  
  7d473ef2e6bedd05bd12550b925320f4cf0ee91f4b66b457dc34befa427c28bfbe0b81cdd0b5d5fd3b6434757a81016ca1d32ac00088accc6fc27cba9bf0c7b8
- SSDEEP
  
  6144:xloZM+rIkd8g+EtXHkv/iD4dmIB1DA0rMSjVg8Zafb8e1mDkei:DoZtL+EP8dmIB1DA0rMSjVg8ZszT
Score

10^/10

umbral discovery execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral2
- Target
  
  Insta-Checker/Data/Modules/instachecker1.exe
- Size
  
  12.0MB
- MD5
  
  881bc5071aeea80252bb7930a40e0422
- SHA1
  
  59c4b3cc4ae09c510b6784e39570ac7a77228a9c
- SHA256
  
  b4d0e05f45b04d47c78fd9cf4b8539dd6afa080f37c230a512a9516b7dbd331a
- SHA512
  
  9d839a8613bac7cdca5ce375f9a3c56721884769762654dd7fd4bd5ed62acd68e5bbfaa0d29b58423284d85aa12d69b873a51bbe9e6a6f5d0b55f8aed49dc543
- SSDEEP
  
  196608:eIbY7HakrIK63UtauZijIXMCHGLLc54i1wN+QPIcu9KYK39shSEo3PPik2MeKOq:Yae63hucsXMCHWUj/cuId9/PiVTF
Score

7^/10
- Loads dropped DLL
behavioral3
- Target
  
  Insta-Checker/Start Checker.bat
- Size
  
  73B
- MD5
  
  8bed69e923be9aa02cb98665b15d1819
- SHA1
  
  a265ea13dce2e85b9bb779e3383863a0ed16b0cb
- SHA256
  
  398a166f3aa6183f6fc816c10e18d981d0c681ba63d488946b52fa1dde7de397
- SHA512
  
  60b5fa29f23efa3512c8119ae075c9a3dbd446cc60bc373af6c7209bdfe661ca325be8a5b03c7f73575bb80dd35e067c3e306937576f3ad482d4bd66330460ab
Score

10^/10

umbral discovery execution stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral4