General

  • Target

    ID TOLL HAKER.exe

  • Size

    230KB

  • Sample

    250222-c2wzgawkdt

  • MD5

    1b8e46d407820787a4dccb0d0922788c

  • SHA1

    de5efbaca828296b631a23a0ae7b3059aa006e95

  • SHA256

    c59ef7d6d7af7d2196cf240b6a553ffa9754c11b4c17c0e99a6fe2d04ea0bfda

  • SHA512

    3ec56097228028455183907f95251a183acdd8ad7f9df872d8e1f4bfaab0f10bbe3304d7fccc5640fc5f1e0a79710290a91af20fffc526afdaaa21e2a8809dac

  • SSDEEP

    6144:lloZM+rIkd8g+EtXHkv/iD4z2/uAmB5Ky/Cwhl0vRb8e1mii:noZtL+EP8z2/uAmB5Ky/Cwhl0B8

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1342450855080628285/cwdvn6zVt-9JcBB-CRp-xeQTmztCeC6daz7mNBKNLGK8inxOsv_DiJqPb4eqyXXAjWpl

Targets

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks