General

  • Target

    visatool.exe

  • Size

    229KB

  • Sample

    250106-hkm8ws1qfq

  • MD5

    8d12001c93eefec83bc3df9b79fd662e

  • SHA1

    f2a218e2fe72e57f0c169e58af5a5bad232b155a

  • SHA256

    17122c0a46007455035997b94a339b664d1b69cae5cf6a7b0544be7c2bed0326

  • SHA512

    8878a410caa7a29a9bdd619f7566a10cd41fd97919bcefaa9641d6b3a91fad685cb375a8a0127d7296478f918372d680fe289f2bb84ef72ca3a3ec3eb7edd2ce

  • SSDEEP

    6144:lloZMmrIkd8g+EtXHkv/iD4FOjFT5KyN54ZL22j3vtB48e1mfi:noZ1L+EP80jFT5KyN54ZL22jlAp

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1277999854974406696/E5jlpnaIaqj10n4mF186OXvssQJ6CXTDRHNJhNMj8V-2ZrtkJ672_8Ob61NpRqQHxlG9

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks