Overview
overview
10Static
static
10cyber vortex 3.rar
windows7-x64
3cyber vortex 3.rar
windows10-2004-x64
3EasyExploits.dll
windows7-x64
1EasyExploits.dll
windows10-2004-x64
1FastColore...ox.dll
windows7-x64
1FastColore...ox.dll
windows10-2004-x64
1Scripts/read me.txt
windows7-x64
1Scripts/read me.txt
windows10-2004-x64
1cyber vortex 3.exe
windows7-x64
10cyber vortex 3.exe
windows10-2004-x64
10Behavioral task
behavioral1
Sample
cyber vortex 3.rar
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
cyber vortex 3.rar
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
EasyExploits.dll
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
EasyExploits.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
FastColoredTextBox.dll
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
FastColoredTextBox.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
Scripts/read me.txt
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
Scripts/read me.txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
cyber vortex 3.exe
Resource
win7-20230220-en
General
-
Target
cyber vortex 3.rar
-
Size
238KB
-
MD5
91d80ed4406e67ece325383e6f7f24e3
-
SHA1
5840722eb933d086c82e0ee3838beed3f0bc45a4
-
SHA256
c9ec4eedb1e3aecfbb616ea4e4c3275e2b1ec7aeac7a714fbf9a97d43006c455
-
SHA512
27bf5e5876a084727d7f85dc3020f49d4fdfade7cf85a43df06e6c72ff4324a848b767a1a4fc92b589cccf638e362def07215ea72da42e818378d97dc5a7e13c
-
SSDEEP
6144:tze7SZgMpjc6hr6em+OeooHEjNug8Vn/lCdY5C0Y9n6DIG:HRpj76eZkjNud/sdKwkJ
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1119647627798138880/G1mEes2ZAiZ5cWBV4qfRXKYsUJBh6WFAkcuLDN_oZbx54PdJy0_gDk3jBJIVu-NAV6rw
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule static1/unpack001/cyber vortex 3.exe family_umbral -
Umbral family
-
Unsigned PE 3 IoCs
Checks for missing Authenticode signature.
resource unpack001/EasyExploits.dll unpack001/FastColoredTextBox.dll unpack001/cyber vortex 3.exe
Files
-
cyber vortex 3.rar.rar
Password: 123
-
EasyExploits.dll.dll windows x86
Password: 123
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorDllMain
Sections
.text Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 920B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
FastColoredTextBox.dll.dll windows x86
Password: 123
dae02f32a21e03ce65412f6e56942daa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorDllMain
Sections
.text Size: 320KB - Virtual size: 320KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
Scripts/read me.txt
-
cyber vortex 3.exe.exe windows x86
Password: 123
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 225KB - Virtual size: 225KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 127KB - Virtual size: 127KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ