General

  • Target

    yukariPRO.exe

  • Size

    231KB

  • Sample

    250120-qyrgga1rhn

  • MD5

    83617498ad1496a62a531bcc1e3719a0

  • SHA1

    80d5f3363370f67086342b43a780362e09171bb8

  • SHA256

    02c1514216aac754514600a3958d3b52311ea8e4dfd3eff1768ee382db1d611c

  • SHA512

    5598953ab899443708e1c4c7c7fd762e43c69d2e40a8af64f48606fda6e275354c6b13ac9d467c1210dd2d9b55bd01dcfe2ab89188e225a38e2b125a543a557e

  • SSDEEP

    6144:GloZMDkOQVGHstJZWdhQETaUNTJq8DjghVkiPviCrj8e1mUJxjDS:woZXUHsHuLNTJq8DjghVkiPviCnPJxj+

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1329937672709345321/Jk3tShKfPuhT6PHIc_ohSYHsDFNPEuycYnvEnFJp6d106ycgjUyJxWSCWzE_nXJjpP6H

Targets

    • Target

      yukariPRO.exe

    • Size

      231KB

    • MD5

      83617498ad1496a62a531bcc1e3719a0

    • SHA1

      80d5f3363370f67086342b43a780362e09171bb8

    • SHA256

      02c1514216aac754514600a3958d3b52311ea8e4dfd3eff1768ee382db1d611c

    • SHA512

      5598953ab899443708e1c4c7c7fd762e43c69d2e40a8af64f48606fda6e275354c6b13ac9d467c1210dd2d9b55bd01dcfe2ab89188e225a38e2b125a543a557e

    • SSDEEP

      6144:GloZMDkOQVGHstJZWdhQETaUNTJq8DjghVkiPviCrj8e1mUJxjDS:woZXUHsHuLNTJq8DjghVkiPviCnPJxj+

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks