umbral | 88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22 | Triage

Submit
Reports

Overview

overview

Static

static

7

wm.exe

windows7-x64

wm.exe

windows10-2004-x64

Sharing

General

Target

wm.exe
Size

3.0MB
Sample

230622-e6el4adg8v
MD5

1335a17d311b929988693fb526dc4717
SHA1

062830cb07ce430fe049627e001ef23fba8ba351
SHA256

88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22
SHA512

4a4496ed95c7ff13e8735646a6b8c478742a2f152a3733122fcbac54c0cd7c04571acae789c2ac67dc07d542663290c9e32b3335827e122470d8b887477d7bab
SSDEEP

49152:NguQhMOPX5M+RXNM5428gYbM8gkw0Q4qAew+0Fr95s9e54OyRGEK2+qc2LBhW:6/hMOP2a9MLiVed0Zqe54OCGL2NLPW

Score

10^/10

umbral evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

wm.exe

Resource

win7-20230621-en

umbral evasion stealer themida trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

wm.exe

Resource

win10v2004-20230621-en

umbral evasion stealer themida trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1118163594568286339/M-x5dkJ7qP3mQPZTzttw8LKBX9G63bPw9edrYMRuBg3sffUGWg-W4EW9HaBcdak0-wis

Targets

- Target
  
  wm.exe
- Size
  
  3.0MB
- MD5
  
  1335a17d311b929988693fb526dc4717
- SHA1
  
  062830cb07ce430fe049627e001ef23fba8ba351
- SHA256
  
  88556497794511dde0ca0a1bfee08922288a620c95a8bc6f67d50dbb81684b22
- SHA512
  
  4a4496ed95c7ff13e8735646a6b8c478742a2f152a3733122fcbac54c0cd7c04571acae789c2ac67dc07d542663290c9e32b3335827e122470d8b887477d7bab
- SSDEEP
  
  49152:NguQhMOPX5M+RXNM5428gYbM8gkw0Q4qAew+0Fr95s9e54OyRGEK2+qc2LBhW:6/hMOP2a9MLiVed0Zqe54OCGL2NLPW
Score

10^/10

umbral evasion stealer themida trojan
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralevasionstealerthemidatrojan

behavioral2

umbralevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy