General

  • Target

    b5b55f24a20bf036b8bd5b0475e8050ce8eff7fc97541c3805ba04f7dda6b361.exe

  • Size

    229KB

  • Sample

    250125-az1tjaxrhp

  • MD5

    279b7dad4be41fbc9bdefe4e7a47e894

  • SHA1

    6d07ef9bff3877c69ecc3755c5aeada418c7225a

  • SHA256

    b5b55f24a20bf036b8bd5b0475e8050ce8eff7fc97541c3805ba04f7dda6b361

  • SHA512

    36d0a56e4c4918ed0d0ba42b8f424f9fee8a88f10649a8e18a09e99a8f2333d932e6c56243f7f75b34afae595ba58b90383b86aecc4b9046a00effec592ea748

  • SSDEEP

    6144:tloZM+rIkd8g+EtXHkv/iD4/E0fAmB5Kz/Cwhl0Adb8e1mc3liI:voZtL+EP8/E0fAmB5Kz/Cwhl007cI

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1330520674737065984/wAiQioltW-4FvXy-ncOMtKyLEmMWGAXhzHpA-G43Qe5DD_tIZIJcgFMKC_EwekK39ywr

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks