Extracted

• • Target

    Umbral.exe

  • Size

    229KB

  • MD5

    577b6f4a24d7da6c31b25061ba2ca003

  • SHA1

    d225ba9696ca5654adaaca34df547cd79277f492

  • SHA256

    6be3e35737657d88cea9f770fbc4d0129ac97130ed394f051947abfbe65934cf

  • SHA512

    d84e775ff672a282fa06efb23a7739a0075cae45337bc7682da6b47e44abf7a6e8a685787f684b28010d35f47bd14b2f461f328926e3b02eb84586af92dbdeca

  • SSDEEP

    6144:lloZM0rIkd8g+EtXHkv/iD4Z1HmVjgULtyD1Ac5bs+b8e1mvFi:noZDL+EP8Z1HmVjgULtyD1Ac5b+M

  Score

  10^/10

  umbralexecutionspywarestealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Umbral family

    umbral

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1