General

  • Target

    CrypticBootstrapper.exe

  • Size

    235KB

  • Sample

    250203-vz9rnazjfn

  • MD5

    6ead93b6a9556b1fb06864131b2f5593

  • SHA1

    fa1b1a247aa197036c94667e9f3c0ed8d79a22bc

  • SHA256

    2c00e70fba3fc1ba12f7651d73a23c1294c684c507742c754f9460ecdcdf5fc6

  • SHA512

    8a388cdcb275afd74b1f7320f8d0882847ae88a949924603022e7e7c6dd855f8004166119f7f3a9aff54ff83ce0264dd25d17338071e4137e6a25a5ce2764202

  • SSDEEP

    6144:rloZMLrIkd8g+EtXHkv/iD4HbmedLocDXabtIExfHb8e1mILKpi:poZ0L+EP8HbmedLocDXabtIExrfKw

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1336012954751074346/s-2r1rw6Qf41BcZv_7OjI5QVrTSNTj1H7yJOQ3Bagg6KUq1r4V3820PsyRH18GihXCaE

Targets

    • Target

      CrypticBootstrapper.exe

    • Size

      235KB

    • MD5

      6ead93b6a9556b1fb06864131b2f5593

    • SHA1

      fa1b1a247aa197036c94667e9f3c0ed8d79a22bc

    • SHA256

      2c00e70fba3fc1ba12f7651d73a23c1294c684c507742c754f9460ecdcdf5fc6

    • SHA512

      8a388cdcb275afd74b1f7320f8d0882847ae88a949924603022e7e7c6dd855f8004166119f7f3a9aff54ff83ce0264dd25d17338071e4137e6a25a5ce2764202

    • SSDEEP

      6144:rloZMLrIkd8g+EtXHkv/iD4HbmedLocDXabtIExfHb8e1mILKpi:poZ0L+EP8HbmedLocDXabtIExrfKw

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks