General
-
Target
1231321312.lnk
-
Size
2KB
-
Sample
250323-sbbtlstzct
-
MD5
a83ed03220cbc79bcbcaae9a57d0b95a
-
SHA1
062d88505a421b491c8614ccff1d8fdd34453e18
-
SHA256
c30599a71b6129c75b93e7b508cc307928df2677fe1b00357547481662522033
-
SHA512
97f7b63aa0435cbe3fb597f3a18941d0697c053ff75ccfdfae55f2e0f70afde85e6ef82e0c90077dcbc933247b8ac568f1fd28a7b3cc1f0eb1af9640f409a349
Static task
static1
Malware Config
Targets
-
-
Target
1231321312.lnk
-
Size
2KB
-
MD5
a83ed03220cbc79bcbcaae9a57d0b95a
-
SHA1
062d88505a421b491c8614ccff1d8fdd34453e18
-
SHA256
c30599a71b6129c75b93e7b508cc307928df2677fe1b00357547481662522033
-
SHA512
97f7b63aa0435cbe3fb597f3a18941d0697c053ff75ccfdfae55f2e0f70afde85e6ef82e0c90077dcbc933247b8ac568f1fd28a7b3cc1f0eb1af9640f409a349
-
Detect Umbral payload
-
Umbral family
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-