General

  • Target

    Plague (by Cami)(1).zip

  • Size

    146KB

  • Sample

    241223-y3dp6szmhx

  • MD5

    190f8bf21b950681ea855be5a74b50f2

  • SHA1

    0204b292bc7b4f77538d228275944c687b49d655

  • SHA256

    7b12f8e98a56c0cab6238c8a60857085bd5c33769384a0b1d6e20a0322fc0626

  • SHA512

    1db6b066dad5c0a0e45479d4798472f043cf782c57f0fe643f57f777c5ee92fe5438dfd8beddd547657105eda949592308c6908c9308ba0f13f5f101f4fffc63

  • SSDEEP

    3072:ucRQIF79qsYSglcVj0NkZfFHXA534KIrY73S7SdM+TJDV6yNRO:NR3FpxVj0KTHJYusJDVpRO

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1320670806732443668/0UUFqtoA2NYbVd7AdArv9rqvm_ZtjizgTVjt1FN3pY9Y8uP9gOvvZAT-Am6P5vPKkoge

Targets

    • Target

      Plague (by Cami)(1).zip

    • Size

      146KB

    • MD5

      190f8bf21b950681ea855be5a74b50f2

    • SHA1

      0204b292bc7b4f77538d228275944c687b49d655

    • SHA256

      7b12f8e98a56c0cab6238c8a60857085bd5c33769384a0b1d6e20a0322fc0626

    • SHA512

      1db6b066dad5c0a0e45479d4798472f043cf782c57f0fe643f57f777c5ee92fe5438dfd8beddd547657105eda949592308c6908c9308ba0f13f5f101f4fffc63

    • SSDEEP

      3072:ucRQIF79qsYSglcVj0NkZfFHXA534KIrY73S7SdM+TJDV6yNRO:NR3FpxVj0KTHJYusJDVpRO

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other things.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      MVPLoader.exe

    • Size

      296KB

    • MD5

      a003b413af774f804d4636f1c548432d

    • SHA1

      1278d0575f8f693f525b0c9382b9eb6c5a01f1f7

    • SHA256

      701bcfb85c1c91cba00d1ab6642071739621b886e79255d874dd0def2adbe6b6

    • SHA512

      9abbc1dae91f85e8565905cb78e7266e7dfa1a6c98e3c80dd2ad9e6d6fd955bd28b7b908c802c74a8e6960b98e85c4d040aa7e01adc0babb841634c339db79d6

    • SSDEEP

      6144:9loZMCrIkd8g+EtXHkv/iD4uDwGPlO2Z0c1niinghb8e1mbietLjth6t0stcOtKc:foZZL+EP8uDwGPlO2Z0c1niingtK

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other things.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      PlagueCrack.dll

    • Size

      158KB

    • MD5

      dfba4cdbc0fe0f5fdb513b25eae7ead2

    • SHA1

      d8ba0526bfab189d062ed3d62d5b6cb33e580182

    • SHA256

      6ce99512a85b9b706aab155e6226cb4dae6f6bfa18babaa77e28ab282c6209d0

    • SHA512

      e4dc7757a1a5f6a4530ca21098a61d274fff8157736e14a3db4b638f60dafbd2c8caaab80d006cabc247d1b2e6911c2a24dc33027d4c829baf4e91f80d5051e3

    • SSDEEP

      3:kM1sDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDn:Fg

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks