Extracted

• • Target

    yavcheratelochuoes.exe

  • Size

    321KB

  • MD5

    d99a6c59e34f50de751e6930786a904b

  • SHA1

    c0411009b9e7a1d2726f39a9f266b96ecdff8d6d

  • SHA256

    c1e3ca03129496e367262be86412d9f076650f967bfd9c8dccd521d403759b2c

  • SHA512

    31fd1143cc22a24dea915d15b1b1a9a8994d2619465d3ee152ffdb32587e5ffcf93ccbf2a9ed862df5a786a99baf7746334e328c2e6bfda8b6549e6ea3cbc63b

  • SSDEEP

    6144:oTJUZmIUlTdNceR/05yiZHtCVNCpmeMvDRi:o6sxNcK/05hZxI

  Score

  10^/10

  umbralxwormdiscoveryratstealertrojan

  • Detect Umbral payload

  • Detect Xworm Payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Executes dropped EXE

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1