umbral | c9ec4eedb1e3aecfbb616ea4e4c3275e2b1ec7aeac7a714fbf9a97d43006c455 | Triage

Sharing

General

Target

cyber vortex 3.rar
Size

238KB
Sample

230620-k358jacc5s
MD5

91d80ed4406e67ece325383e6f7f24e3
SHA1

5840722eb933d086c82e0ee3838beed3f0bc45a4
SHA256

c9ec4eedb1e3aecfbb616ea4e4c3275e2b1ec7aeac7a714fbf9a97d43006c455
SHA512

27bf5e5876a084727d7f85dc3020f49d4fdfade7cf85a43df06e6c72ff4324a848b767a1a4fc92b589cccf638e362def07215ea72da42e818378d97dc5a7e13c
SSDEEP

6144:tze7SZgMpjc6hr6em+OeooHEjNug8Vn/lCdY5C0Y9n6DIG:HRpj76eZkjNud/sdKwkJ

Score

10^/10

umbral stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1119647627798138880/G1mEes2ZAiZ5cWBV4qfRXKYsUJBh6WFAkcuLDN_oZbx54PdJy0_gDk3jBJIVu-NAV6rw

Targets

- Target
  
  cyber vortex 3.rar
- Size
  
  238KB
- MD5
  
  91d80ed4406e67ece325383e6f7f24e3
- SHA1
  
  5840722eb933d086c82e0ee3838beed3f0bc45a4
- SHA256
  
  c9ec4eedb1e3aecfbb616ea4e4c3275e2b1ec7aeac7a714fbf9a97d43006c455
- SHA512
  
  27bf5e5876a084727d7f85dc3020f49d4fdfade7cf85a43df06e6c72ff4324a848b767a1a4fc92b589cccf638e362def07215ea72da42e818378d97dc5a7e13c
- SSDEEP
  
  6144:tze7SZgMpjc6hr6em+OeooHEjNug8Vn/lCdY5C0Y9n6DIG:HRpj76eZkjNud/sdKwkJ
Score

3^/10
behavioral1 behavioral2
- Target
  
  EasyExploits.dll
- Size
  
  8KB
- MD5
  
  d3570d05041f08ab147e5b91c62326f6
- SHA1
  
  9026f951a6555b205b3a29c28f4f2d4504d4ef8c
- SHA256
  
  c277d0a640a08245fb182d7caf93639b846c586ca8287c64a86cfacec231e71c
- SHA512
  
  89d190025873869ba751b31e4d0114a231da8eb8e6f62bd3e26a69fa7e3d7275254d7f485dd7c4cbcf41ab2bcc82d23069fba2a252e88c77145b031ac35877e2
- SSDEEP
  
  96:MF9wmAaKI4BzBEkGQASBIzOlhT/RMWsZ1+UQE4UvFymiZQxs534QA2A6QE2kh:MF9wmT9kGt41M1+UQE4UObA2A7
Score

1^/10
behavioral3 behavioral4
- Target
  
  FastColoredTextBox.dll
- Size
  
  323KB
- MD5
  
  8610f4d3cdc6cc50022feddced9fdaeb
- SHA1
  
  4b60b87fd696b02d7fce38325c7adfc9e806f650
- SHA256
  
  ac926c92ccfc3789a5ae571cc4415eb1897d500a79604d8495241c19acdf01b9
- SHA512
  
  693d1af1f89470eab659b4747fe344836affa0af8485b0c0635e2519815e5a498f4618ea08db9dcf421aac1069a04616046207ee05b9ed66c0a1c4a8f0bddd09
- SSDEEP
  
  6144:0R0J4lx4/7BA4xvNdcwCOg04j0y5mwZkdmsqmLDi5eNH+Dl1SIP0:0R0J48lAovNd7CO34D4b4eNO
Score

1^/10
behavioral5 behavioral6
- Target
  
  Scripts/read me.txt
- Size
  
  87B
- MD5
  
  6680148fe4d170a4822df93f620299ce
- SHA1
  
  c4234fc36e443d589fa54e1c98a7525b2e7f7195
- SHA256
  
  149965be68468535bd3233ebb95db905beaa8f19ec66df438115ea2a35c0bcb3
- SHA512
  
  ea6d5a202b2023c3cb938001e2bf2c75e27231e64374bf89522ce3b0d36dfd13a0f9600f99d2a1f5cbe44cdd916da369c1429c2434338425da86a7e5c232fc81
Score

1^/10
behavioral7 behavioral8
- Target
  
  cyber vortex 3.exe
- Size
  
  354KB
- MD5
  
  287300575c7a8a060ccefd90cbb38126
- SHA1
  
  24f9dea714fc4183c1c2f4b31ef4a3d7efb43990
- SHA256
  
  2699c8c42d65dae5b9566d98db700275c0ffd9eb2b6ac0372f89467d865c9b40
- SHA512
  
  661f8dc6d57339e324afaec9f89891ebbaca1aae8d886745deadf8e54890dc70bc5e7393d051881c0f09eabc92f2eecfddb46d452d35b76e670eb92bf8d6c6e2
- SSDEEP
  
  6144:hloZM+rIkd8g+EtXHkv/iD4MR291XN2eRtENfKK/DWb8e1meizo3E/:ToZtL+EP8k291XN2eRtENfKK/Oszo3E/
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10