General

  • Target

    Umbral.exe

  • Size

    231KB

  • Sample

    250107-3nefdawlgk

  • MD5

    1386a2acc32c74bd6c5c7c0854ed0057

  • SHA1

    0c7fad651f261659e38a0d248ef293243cd44d2b

  • SHA256

    196836d6a8ec3b17bf20eef67adb66f5c811e547454f0a3593fcdf795db465cf

  • SHA512

    e84390078981e8d5404c854d066242df8fcb09fcdc9c6721e499a99758d63d34e94608910d7f99031c22bf5e2d2ddc21f3126819a38adec13393a2b5d766ced7

  • SSDEEP

    6144:RloZMrfsXtioRkts/cnnK6cMlpDtwt74szeKrd4UBbLxb8e1mii:joZBtlRk83MlpDtwt74szeKrd4UBJg

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1326328316617293955/AOLIaMz0BgLa75CCyacwmFl7K50FMOGavM9JwWVUZcUnQCQe479xRJcm06ce6tpzn_wv

Targets

    • Target

      Umbral.exe

    • Size

      231KB

    • MD5

      1386a2acc32c74bd6c5c7c0854ed0057

    • SHA1

      0c7fad651f261659e38a0d248ef293243cd44d2b

    • SHA256

      196836d6a8ec3b17bf20eef67adb66f5c811e547454f0a3593fcdf795db465cf

    • SHA512

      e84390078981e8d5404c854d066242df8fcb09fcdc9c6721e499a99758d63d34e94608910d7f99031c22bf5e2d2ddc21f3126819a38adec13393a2b5d766ced7

    • SSDEEP

      6144:RloZMrfsXtioRkts/cnnK6cMlpDtwt74szeKrd4UBbLxb8e1mii:joZBtlRk83MlpDtwt74szeKrd4UBJg

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks