General

  • Target

    CrypticBootstrapper.exe

  • Size

    235KB

  • Sample

    250205-zda4estkfm

  • MD5

    6a8d9640dcb9e7b51794c51e55cab5ff

  • SHA1

    dcb26de3de2b816e231162e1f73837ec94389e85

  • SHA256

    42f2488da10b923080e378bb6a992a10e8fdb1631023e272d849a0c9d240d73d

  • SHA512

    60b54772d14656f050f228a68446d0344136d861acfb13c59556f12072c0a455a0f589834da17feb962293917262d6ec0d3ed6b6d14904b377b842eb389cd96e

  • SSDEEP

    6144:jloZMcrIkd8g+EtXHkv/iD4dpPtDHdmOh8U9va6vnrRb8e1m/bi:BoZzL+EP8fPtDHdmOh8U9va6vn9s2

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1336703586125746186/805EPsSUzTijUYmnONcE-QH4YQ7aUftiUsMOcKdpAUAAyrAJCCqU0pcxF_bCPGF2Vtxi

Targets

    • Target

      CrypticBootstrapper.exe

    • Size

      235KB

    • MD5

      6a8d9640dcb9e7b51794c51e55cab5ff

    • SHA1

      dcb26de3de2b816e231162e1f73837ec94389e85

    • SHA256

      42f2488da10b923080e378bb6a992a10e8fdb1631023e272d849a0c9d240d73d

    • SHA512

      60b54772d14656f050f228a68446d0344136d861acfb13c59556f12072c0a455a0f589834da17feb962293917262d6ec0d3ed6b6d14904b377b842eb389cd96e

    • SSDEEP

      6144:jloZMcrIkd8g+EtXHkv/iD4dpPtDHdmOh8U9va6vnrRb8e1m/bi:BoZzL+EP8fPtDHdmOh8U9va6vn9s2

    • Detect Umbral payload

    • Umbral

      Umbral Stealer is an open-source, modular information stealer written in C#.

    • Umbral family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so the payload is not scanned.

    • Drops file in Drivers directory

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and other sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate public IP lookup service to determine the infected system's external IP address.
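
The behaviours flagged above (Defender exclusions added via PowerShell, a Discord webhook used as C2, an external IP lookup, and a write under the Drivers directory) map directly onto host telemetry. The script below is an added example, not part of this report or of the Umbral project: it runs simple detections over a handful of constructed Sysmon-style events (process creation, DNS query, network connection, file creation). The event shapes, the hypothetical webhook URL, the IP lookup host list and all helper names are my own assumptions, not data from the sandbox run.

```python
"""Map Umbral-style host behaviour to the sandbox signature names.

Added example: the events are constructed to resemble Sysmon EventID 1
(process create), 3 (network connect), 11 (file create) and 22 (DNS query).
Nothing here is telemetry from the analysed sample.
"""
import re

# Constructed sample events (assumption: field names loosely follow Sysmon).
SAMPLE_EVENTS = [
    {"event_id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Users\victim\Downloads\CrypticBootstrapper.exe",
     "command_line": ("powershell.exe -NoProfile -Command \"Add-MpPreference "
                      "-ExclusionPath 'C:\\Users\\victim\\Downloads' "
                      "-ExclusionExtension exe "
                      "-ExclusionProcess CrypticBootstrapper.exe\"")},
    {"event_id": 22, "image": r"C:\Users\victim\Downloads\CrypticBootstrapper.exe",
     "query_name": "api.ipify.org"},
    {"event_id": 3, "image": r"C:\Users\victim\Downloads\CrypticBootstrapper.exe",
     "dest_host": "discord.com",
     # Hypothetical webhook, not the C2 from the report.
     "url": "https://discord.com/api/webhooks/123456789012345678/AbCdEf-example_token"},
    {"event_id": 11, "image": r"C:\Users\victim\Downloads\CrypticBootstrapper.exe",
     "target_filename": r"C:\Windows\System32\drivers\etc\hosts"},
    # Benign control: reading Defender preferences is not an exclusion change.
    {"event_id": 1,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": 'powershell.exe -Command "Get-MpPreference"'},
]

# Add-MpPreference / Set-MpPreference with any -Exclusion* parameter.
DEFENDER_EXCLUSION = re.compile(
    r"(?:Add|Set)-MpPreference\b.*?-Exclusion(?:Path|Extension|Process)\b",
    re.IGNORECASE)
# Discord webhook URL: numeric webhook id followed by the token.
DISCORD_WEBHOOK = re.compile(
    r"https?://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_-]+)",
    re.IGNORECASE)
# Public IP lookup services (assumption: a small, illustrative allow-list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com",
                   "checkip.amazonaws.com", "ifconfig.me"}
DRIVERS_DIR = re.compile(r"^[a-z]:\\windows\\system32\\drivers\\", re.IGNORECASE)


def defender_exclusion(command_line: str) -> bool:
    """True when a PowerShell command line adds or sets a Defender exclusion."""
    return DEFENDER_EXCLUSION.search(command_line) is not None


def discord_webhook(url: str):
    """Return (webhook_id, token) for a Discord webhook URL, else None."""
    m = DISCORD_WEBHOOK.search(url)
    return (m.group(1), m.group(2)) if m else None


def ip_lookup_service(host: str) -> bool:
    """True when the queried host is a known external-IP lookup service."""
    return host.lower().rstrip(".") in IP_LOOKUP_HOSTS


def drivers_dir_write(path: str) -> bool:
    """True when the written file sits under %SystemRoot%\\System32\\drivers."""
    return DRIVERS_DIR.match(path) is not None


def triage(events):
    """Return (signature, responsible image, detail) for every matching event."""
    findings = []
    for ev in events:
        img = ev.get("image", "")
        eid = ev["event_id"]
        if eid == 1 and defender_exclusion(ev.get("command_line", "")):
            # Attribute the exclusion to the parent that spawned PowerShell.
            findings.append(("Command and Scripting Interpreter: PowerShell",
                             ev.get("parent_image", img), ev["command_line"]))
        elif eid == 22 and ip_lookup_service(ev.get("query_name", "")):
            findings.append(("Looks up external IP address via web service",
                             img, ev["query_name"]))
        elif eid == 3:
            hook = discord_webhook(ev.get("url", ""))
            if hook:
                findings.append(("Legitimate hosting services abused for malware hosting/C2",
                                 img, f"discord webhook id={hook[0]}"))
        elif eid == 11 and drivers_dir_write(ev.get("target_filename", "")):
            findings.append(("Drops file in Drivers directory", img, ev["target_filename"]))
    return findings


if __name__ == "__main__":
    for sig, image, detail in triage(SAMPLE_EVENTS):
        print(f"[{sig}] {image}: {detail}")
```

The webhook id and token are kept separate so the id can be reported to the hosting service and the token treated as a secret; the Get-MpPreference control event shows why the detection keys on Add-/Set-MpPreference with an -Exclusion* parameter rather than on any Defender cmdlet.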

MITRE ATT&CK Enterprise v15

Tasks