Resubmissions
26/12/2024, 12:33
241226-pq936swkbl 1026/12/2024, 12:21
241226-pjphwsvrgp 1026/12/2024, 12:12
241226-pdcbdavpax 1023/12/2024, 17:23
241223-vyh8bawkdz 1023/12/2024, 17:02
241223-vj7x5avqfs 723/12/2024, 16:41
241223-t6493svnav 1023/12/2024, 16:30
241223-tz4d7svldy 423/12/2024, 16:09
241223-tl5ecatrcv 1022/12/2024, 23:42
241222-3qhwksskhk 622/12/2024, 23:31
241222-3hxprssjgm 10General
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
Family
umbral
C2
https://discord.com/api/webhooks/1321218560835457096/lD3OVCiOK-acMzfeU7SESfR0F0UfH0sPRT29r5gwu_KsLWvgiWvVBBy2yTp09PB9QrZW
Targets
-
-
Detect Umbral payload
-
Umbral family
-
Drops file in Drivers directory
-
A potential corporate email address has been identified in the URL: =@L
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1