umbral | a98748afbd3f2a4f86a601eba6edcbce501d27ef25211d6a905ac6af4972816e | Triage

Sharing

General

Target

black ops 6.rar
Size

83KB
Sample

250113-qkzwpatkcv
MD5

8798d9d8f4f6d166ee919e18fb6dd088
SHA1

6683954082f40bb8e27797430312ce96b6dcb48e
SHA256

a98748afbd3f2a4f86a601eba6edcbce501d27ef25211d6a905ac6af4972816e
SHA512

7acd7d019d1a2b46f74c9384985d7a832abb914ca4096b39a09849f875905d76c6a936b440a313176596628979a4f9ecc795edec17c1ffa6e57ec420d0d30e14
SSDEEP

1536:pcheGdCNYiGBBV7jEGT5vbikyIlfnau799Bqj57aMG2H:uhdni+j7vbiHq90j5aMGa

Score

10^/10

umbral discovery execution spyware stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1327867255689842730/_ULB6S7o2Op8KjrN85w5tHjL9oXLj28gNXHfqbVcIDYvguewfw17RyzIYvFFXMKHbKON

Targets

- Target
  
  black ops 6/Call of Duty.exe
- Size
  
  232KB
- MD5
  
  6b61cf8c88fadac330d0f9e6250c7c78
- SHA1
  
  7811fe5dc09a3677df1ab475408612d3058af724
- SHA256
  
  2a13f0c0d799ce333dc553122f96285d3ad57eb9671e860884c605362722c03f
- SHA512
  
  d3efe5f1d0bbcaa324934135a8da8348cd213ab4ceb7d87c3584979895bf895ed60910ce92f7d19efa6ceee22891da0dbe5596b1eafcf8f932d7a3c3f95928bd
- SSDEEP
  
  6144:xloZM+rIkd8g+EtXHkv/iD4urp7KInDAXZMK7bCLob8e1m9Oi:DoZtL+EP8urp7KInDAXZMK7bCs+j
Score

10^/10

umbral discovery execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbraldiscoveryexecutionspywarestealer