Extracted

• • Target

    vJxj.exe

  • Size

    227KB

  • MD5

    945f3e693c8465494fcb4d208498b4c2

  • SHA1

    8750e7c46ba29ddf303ce39a00b915317c6695b5

  • SHA256

    492f241ed1af18331729e305f0c4943366cc399532898554f7169571e34fa2e2

  • SHA512

    be19a393984e5699170f094c33c2876708d6d8f58910c40b0ced63e5b07bb72447dd6c7bda64d53a5b6b60ecbe1f5afd23e5c32f24efddf775bad839f0c3869e

  • SSDEEP

    6144:+loZMDXU9Zx0kt8X0/PSCsMmp+LSQPL4eBECDjaTC3b8e1m7i:ooZnf0kkPzp+LSQPL4eBECDjash

  Score

  10^/10

  umbraldiscoveryexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Drops file in Drivers directory

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1