General
- Target: solara.exe
- Size: 234KB
- Sample: 250222-w588rawkbj
- MD5: cf286a2735b846ab217c40e856790ed4
- SHA1: 53bd95dbc70e30f4cb57fa9c47eb986159c851ea
- SHA256: 95f1bd4a4a436c6d1c4140a64a6abcc09d526fed27ca47f5802011e47387ea4f
- SHA512: ebd05e8b1f80ccc875f784e75a453555fa5ac255dad564d0c093765a3a91527a134b939257730fee221d38ee5f6db2e3649e3e3266ead605593a99411d1ae3af
- SSDEEP: 6144:DloZMNrIkd8g+EtXHkv/iD41cEDCg/7IzR0STTKKx4b8e1mtEi:hoZmL+EP81cEDCg/7IzR0STTKK+6t
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1342898117472817264/fTjPal4nCRnm8awdwtkV5HXPzchfGfea3NrJCL-sc3EQbnVeo_48WxsznsQBigI_RdBp
Targets
- Target: solara.exe
- Size: 234KB
- MD5: cf286a2735b846ab217c40e856790ed4
- SHA1: 53bd95dbc70e30f4cb57fa9c47eb986159c851ea
- SHA256: 95f1bd4a4a436c6d1c4140a64a6abcc09d526fed27ca47f5802011e47387ea4f
- SHA512: ebd05e8b1f80ccc875f784e75a453555fa5ac255dad564d0c093765a3a91527a134b939257730fee221d38ee5f6db2e3649e3e3266ead605593a99411d1ae3af
- SSDEEP: 6144:DloZMNrIkd8g+EtXHkv/iD41cEDCg/7IzR0STTKKx4b8e1mtEi:hoZmL+EP81cEDCg/7IzR0STTKK+6t
- Detect Umbral payload
- Umbral family
- Command and Scripting Interpreter: PowerShell
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.