General

  • Target

    2.exe

  • Size

    228KB

  • Sample

    250108-24qynszmfk

  • MD5

    22c66a144f89f219d9f7bef81578dd48

  • SHA1

    ad7235aadd9583fd423a5f36a5c65a6213d23fff

  • SHA256

    9c1f1a7105e258fc4b5df94ba02bd41ddbe55bc82c88cd718fa5b2fac5969f00

  • SHA512

    78316d05a92f3c4d9be0f18d1bbc86529961917d83cb00de36a396e96b2357564e354e9cfdc364f08d7e96bdd8602296e6df6eb0d2ea21029c7a45e116edb7a0

  • SSDEEP

    6144:uloZMmrIkd8g+EtXHkv/iD4k5MTaL7j8e1myi:4oZ1L+EP8+LPW

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1322057974423879721/ppnP8pHnxtdpRKXhmSvr5P5fSuReYWB-wOyejU-UoO8N-THaRLkzhWKfqcTncT10ncbf

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks