General
-
Target
blasted.zip
-
Size
90KB
-
Sample
250105-trnc1s1nbn
-
MD5
c0c1f4d447518ec3466b3196a6bc8bca
-
SHA1
9cf2ec0c7bfb0ba18e85fe5c79d61165cb14dbbe
-
SHA256
2761a5557845a1135de74de2cdb687900d3bd244d9d1966dd195cbfba61be36b
-
SHA512
27fa369739f241bdfe06331dad818b23685c5c0cd0d2f76498706809685e28f60ad51ae310da768dda20bfece81da1a2dca964fcd4ac289f61872b5c0a9a0443
-
SSDEEP
1536:a7k84F02OAAVLwSnX6BkLWU+tgX0I6BZftKXPfK1wg6/9MJAfbOYa1FSsediF:/3tqLL647kBJAXa1wg6/HbOYKekF
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1318597375148687402/hi7z2fLgO4RRvXrp-fdHKsRpZGU-JbAhrm4wxVPBT5TIEA3KCmg8Y6RBurUI3jSJhEQ5
Targets
-
-
Target
blasted.exe
-
Size
229KB
-
MD5
21e6f749bf59138d1528e64a34a88903
-
SHA1
4f2447e8476dad93e39aac775a7bf91c2c8cd4b8
-
SHA256
9952e7c346539dc361b2bda461eebf047ce00a2e3eb2bb3ab6f3fa0c0b5d87d5
-
SHA512
2cad6e33730a69bc31378ae4f502f37f6d8f6d1fd85c17830108ab6b056f1b5994bf8254530194df655e433689c2c22e53fea94c5958f8c1ee55f938a6e5486c
-
SSDEEP
6144:dloZM9rIkd8g+EtXHkv/iD4ZF3A6YXzQAp8aLLyfxmb8e1m6i:/oZmL+EP8ZF3A6YXzQAp8aLLyIo
Score10/10-
Detect Umbral payload
-
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
-
Umbral family
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1