General

  • Target

    blasted.zip

  • Size

    90KB

  • Sample

    250105-trnc1s1nbn

  • MD5

    c0c1f4d447518ec3466b3196a6bc8bca

  • SHA1

    9cf2ec0c7bfb0ba18e85fe5c79d61165cb14dbbe

  • SHA256

    2761a5557845a1135de74de2cdb687900d3bd244d9d1966dd195cbfba61be36b

  • SHA512

    27fa369739f241bdfe06331dad818b23685c5c0cd0d2f76498706809685e28f60ad51ae310da768dda20bfece81da1a2dca964fcd4ac289f61872b5c0a9a0443

  • SSDEEP

    1536:a7k84F02OAAVLwSnX6BkLWU+tgX0I6BZftKXPfK1wg6/9MJAfbOYa1FSsediF:/3tqLL647kBJAXa1wg6/HbOYKekF

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1318597375148687402/hi7z2fLgO4RRvXrp-fdHKsRpZGU-JbAhrm4wxVPBT5TIEA3KCmg8Y6RBurUI3jSJhEQ5

Targets

    • Target

      blasted.exe

    • Size

      229KB

    • MD5

      21e6f749bf59138d1528e64a34a88903

    • SHA1

      4f2447e8476dad93e39aac775a7bf91c2c8cd4b8

    • SHA256

      9952e7c346539dc361b2bda461eebf047ce00a2e3eb2bb3ab6f3fa0c0b5d87d5

    • SHA512

      2cad6e33730a69bc31378ae4f502f37f6d8f6d1fd85c17830108ab6b056f1b5994bf8254530194df655e433689c2c22e53fea94c5958f8c1ee55f938a6e5486c

    • SSDEEP

      6144:dloZM9rIkd8g+EtXHkv/iD4ZF3A6YXzQAp8aLLyfxmb8e1m6i:/oZmL+EP8ZF3A6YXzQAp8aLLyIo

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source, modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies, and autofill entries.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
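
The three behaviours listed above (PowerShell adding Defender exclusions, a Discord webhook used as C2, and an external IP lookup) are all visible in endpoint and proxy telemetry. The following is an added detection example written for this page; it is not code from the tria.ge report or from the Umbral project. The event records are constructed to mimic the report's findings, and two details are assumptions the report does not state: that the exclusions are added with the Add-MpPreference cmdlet (the report names only the effect), and the list of IP-echo hostnames (the report does not name the service used). The Discord webhook URL is the one extracted by the sandbox.

```python
"""Detection logic for the behaviours in this report, run over constructed telemetry.

Hypothetical example, not part of the tria.ge report or the Umbral project.
Event shape is a simplified EDR/proxy record: "proc" = process creation with
command line and parent image; "web" = outbound HTTP request with host and URL.
"""
import re
from collections import defaultdict

# Constructed sample events (not from the sandbox run). The last two are benign
# noise: an admin listing Defender settings, and a browser using Discord normally.
SAMPLE_EVENTS = [
    {"kind": "proc", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Users\victim\Downloads\blasted.exe",
     "cmdline": ("powershell.exe -WindowStyle Hidden -Command Add-MpPreference "
                 "-ExclusionPath C:\\Users\\victim\\AppData\\Local\\Temp "
                 "-ExclusionExtension exe -ExclusionProcess blasted.exe")},
    {"kind": "web", "image": r"C:\Users\victim\Downloads\blasted.exe",
     "host": "api.ipify.org", "url": "https://api.ipify.org/?format=json"},
    {"kind": "web", "image": r"C:\Users\victim\Downloads\blasted.exe",
     "host": "discord.com",
     "url": "https://discord.com/api/webhooks/1318597375148687402/"
            "hi7z2fLgO4RRvXrp-fdHKsRpZGU-JbAhrm4wxVPBT5TIEA3KCmg8Y6RBurUI3jSJhEQ5"},
    {"kind": "proc", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "powershell.exe Get-MpPreference"},
    {"kind": "web", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "host": "discord.com", "url": "https://discord.com/channels/@me"},
]

# Assumption: Add-MpPreference is the cmdlet used to add Defender exclusions; the
# report states only that exclusions for extensions, paths and processes are added.
DEFENDER_EXCLUSION_RE = re.compile(r"Add-MpPreference\b.*?-Exclusion\w*", re.IGNORECASE)
# Captures the webhook id only; the token is sensitive and deliberately not extracted.
DISCORD_WEBHOOK_RE = re.compile(
    r"https?://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/(\d+)/[\w-]+", re.IGNORECASE)
# Assumption: common IP-echo services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ifconfig.me",
                   "checkip.amazonaws.com", "ip-api.com", "api.ip.sb"}


def scan(events):
    """Return (rule, process_image, detail) triples for each suspicious event.

    For the PowerShell rule the finding is attributed to the parent that spawned
    PowerShell, so all three behaviours can be correlated on the same binary.
    """
    findings = []
    for ev in events:
        if ev["kind"] == "proc" and DEFENDER_EXCLUSION_RE.search(ev["cmdline"]):
            findings.append(("defender_exclusion", ev.get("parent", ev["image"]),
                             ev["cmdline"]))
        elif ev["kind"] == "web":
            m = DISCORD_WEBHOOK_RE.search(ev["url"])
            if m:
                findings.append(("discord_webhook_c2", ev["image"],
                                 f"webhook_id={m.group(1)}"))
            elif ev["host"].lower() in IP_LOOKUP_HOSTS:
                findings.append(("external_ip_lookup", ev["image"], ev["host"]))
    return findings


def correlate(findings):
    """Group findings by process image and score them.

    One rule on its own is 'suspicious' (each has benign uses); two or more
    distinct rules on the same image is 'likely_stealer', the combination of
    Defender tampering, webhook C2 and IP lookup this report describes.
    """
    by_image = defaultdict(set)
    for rule, image, _ in findings:
        by_image[image].add(rule)
    return {image: ("likely_stealer" if len(rules) >= 2 else "suspicious")
            for image, rules in by_image.items()}


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for hit in hits:
        print(*hit, sep=" | ")
    for image, verdict in correlate(hits).items():
        print(f"{verdict}: {image}")
```

Against the constructed events the scan attributes all three rules to blasted.exe and ignores the Get-MpPreference audit and the browser's Discord traffic; the correlation step is what lifts the verdict above a single, individually explainable indicator.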

MITRE ATT&CK Enterprise v15

Tasks
