General
-
Target
ASyncInstaller.zip
-
Size
92KB
-
MD5
92cbb4a37908962409c06c3b49d1b10f
-
SHA1
77a6ee8b92e295e532cc336839d3bf4b4a4a5930
-
SHA256
df837d571a8f552df3a44469366f7d6c37d433da7e6c7ca9becd765fc8ba0d96
-
SHA512
793abf7191ae17f45ab58598be41e6701c07e9d79e26264d43739c40bb405513623778943d8d2b09aaeb08ebdd26de6dc365e35a54aa59392f39c177a85ce37d
-
SSDEEP
1536:g67eqQRbCDgubHUZb/H+YAyxBpooybvHqx5fpM7NQljth9m52JocwR5ypVOocPHX:laCDgubHUlf+YAgpoBHqjfpMqls5swSw
Malware Config
Extracted
umbral
https://canary.discord.com/api/webhooks/1122952465063612421/Bz3tYEXYmVU2e4c5-1j8AyVX1r6p9ZEvLpzX95HtQ7Rg9Ty4r__5k6VGkLtHJHfTL9F-
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule static1/unpack001/ASyncInstaller.exe family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/ASyncInstaller.exe
Files
-
ASyncInstaller.zip.zip
Password: async
-
ASyncInstaller.exe.exe windows x86
Password: async
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ