General

  • Target

    NINJA HEX CRAKED.exe

  • Size

    254KB

  • Sample

    241215-xtmfaatlbz

  • MD5

    6a5a18c107110aaa1b251bc168180320

  • SHA1

    4ce77f9a2af47610f8f2a254b49ae33f2958ef08

  • SHA256

    404ccd4c5dae49ea8f38a8bc283e0b488de49b04a45c3f6cfeecc3ac8162c18c

  • SHA512

    d6447e04a21a151d4625b8400a7253e59daa32ae0e027f9b6d478a9139510d7398af0338ed36b0aad7aa1321f239219c5349823d84e4c5d1a55c93b2a02c641f

  • SSDEEP

    6144:04oZo7J39KtWaV+CRB6jIx7axHUPGUphYc3YeRN66hn7DC8ej58bD:DoZA9Kd8jYPGUphYc3YeRN647k5e

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1317835046182191155/IYPOJOoPa1SVviqW32fdefzF2Su_s9o0Kp-pbbK-0IRYee-MqprzJm_hde_WyDP9mvoi

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Command and Scripting Interpreter: PowerShell

      Uses the powershell.exe command.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks