General

  • Target

    GeneratorKontMinecraft.exe

  • Size

    229KB

  • Sample

    250205-kp2m7aypfw

  • MD5

    c9f4abcf1c590b565096f62cb9c16a16

  • SHA1

    64fe0fdb6ec501217e8323cf640492baa17e9805

  • SHA256

    7cc4986dc20df19411853b438b5ab5ed120bbbd8a230179587184b764a1db0ed

  • SHA512

    1671e3219bfb04991790b9b06e046d74309635613bf4e72ea80070613784fb38f26dfbe5e5ca7a57214eb68372cd8fb773e0a1d476db0b800cb77e69e9c8ba2e

  • SSDEEP

    6144:lloZM+rIkd8g+EtXHkv/iD4SxaokqNlO5LWU1pAR6b8e1mji:noZtL+EP8SxaokqNlO5LWU1pAoB

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1336616520343748650/XV6R23K-7xM47EdW6HnndqjtTs4ft0dxNrMzfmLFflMzmbutTO71flX7V4lKubDI1J2S

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Drops file in Drivers directory

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks