Extracted

• • Target

    test.exe

  • Size

    231KB

  • MD5

    79dbb36ad4aa16d2ba9b0dc335c29663

  • SHA1

    2806cf13d56759fe3015c7b7ba2b4f0439dce3f0

  • SHA256

    fd88f68339f4a1f2f3892667bd5026d60a327d7f3ebe492a09901aa566bc66f5

  • SHA512

    1ae155087e5c1a2c8fc9f44eb3c43bcf4d0f4b4d4a5b56f8b49140db51e1f4a488d2ea917c0731ffb2f182401dbe18682d5571ca0fb09e9e67622bd017bb61f7

  • SSDEEP

    6144:9loZMprIkd8g+EtXHkv/iD4iXptbhS6FgAxDeebVfBb8e1m3oi:foZCL+EP8iXptbhS6FgAxDeebVxa

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2