10Stealer.zip
windows10-2004-x64
1Mono.Cecil.Mdb.dll
windows10-2004-x64
1Mono.Cecil.Mdb.pdb
windows10-2004-x64
3Mono.Cecil.Pdb.dll
windows10-2004-x64
5Mono.Cecil.Pdb.pdb
windows10-2004-x64
3Mono.Cecil.Rocks.dll
windows10-2004-x64
1Mono.Cecil.Rocks.pdb
windows10-2004-x64
3Mono.Cecil.dll
windows10-2004-x64
5Mono.Cecil.pdb
windows10-2004-x64
3Umbral Builder.exe
windows10-2004-x64
1Umbral Builder.exe.config
windows10-2004-x64
3Umbral Builder.pdb
windows10-2004-x64
3Umbral.exe
windows10-2004-x64
10Vestris.ResourceLib.dll
windows10-2004-x64
1jose-jwt.dll
windows10-2004-x64
5General
-
Target
Stealer.zip
-
Size
518KB
-
Sample
230628-lr665aha24
-
MD5
c31be5c8d958ff492fb1ce48720ee675
-
SHA1
2c5df1e4c83afda725e0bc914585a1831760062a
-
SHA256
ff7706dad388652ba868408d8848872f1a19d0e6f1a730c31c88572af5faa8bf
-
SHA512
3d0819eb39ddaafd85830b44593c6e2194a9fdc9981e61c12735c16cfe86c40e1dca48dbe9daf2e978ffd086aff9a68e37f4bc1c8ddeb26330f012a3e0f3da38
-
SSDEEP
12288:00nCoPPuPnu9PFujeHuwVP9JfKUq985PbtGELfHcl/3fH7:0QH90muwVFJCL9ogEDclffH7
Behavioral task
behavioral1
Sample
Stealer.zip
Resource
win10v2004-20230621-en
Behavioral task
behavioral2
Sample
Mono.Cecil.Mdb.dll
Resource
win10v2004-20230621-en
Behavioral task
behavioral3
Sample
Mono.Cecil.Mdb.pdb
Resource
win10v2004-20230621-en
Behavioral task
behavioral4
Sample
Mono.Cecil.Pdb.dll
Resource
win10v2004-20230621-en
Behavioral task
behavioral5
Sample
Mono.Cecil.Pdb.pdb
Resource
win10v2004-20230621-en
Behavioral task
behavioral6
Sample
Mono.Cecil.Rocks.dll
Resource
win10v2004-20230621-en
Behavioral task
behavioral7
Sample
Mono.Cecil.Rocks.pdb
Resource
win10v2004-20230621-en
Behavioral task
behavioral8
Sample
Mono.Cecil.dll
Resource
win10v2004-20230621-en
Behavioral task
behavioral9
Sample
Mono.Cecil.pdb
Resource
win10v2004-20230621-en
Behavioral task
behavioral10
Sample
Umbral Builder.exe
Resource
win10v2004-20230621-en
Behavioral task
behavioral11
Sample
Umbral Builder.exe.config
Resource
win10v2004-20230621-en
Behavioral task
behavioral12
Sample
Umbral Builder.pdb
Resource
win10v2004-20230621-en
Behavioral task
behavioral13
Sample
Umbral.exe
Resource
win10v2004-20230621-en
Behavioral task
behavioral14
Sample
Vestris.ResourceLib.dll
Resource
win10v2004-20230621-en
Behavioral task
behavioral15
Sample
jose-jwt.dll
Resource
win10v2004-20230621-en
Malware Config — no extracted configuration (C2 endpoints, tokens, etc.) is listed on this report; the only family-specific evidence is the signature hit on Umbral.payload below.
Targets
-
-
Target
Stealer.zip
-
Size
518KB
-
MD5
c31be5c8d958ff492fb1ce48720ee675
-
SHA1
2c5df1e4c83afda725e0bc914585a1831760062a
-
SHA256
ff7706dad388652ba868408d8848872f1a19d0e6f1a730c31c88572af5faa8bf
-
SHA512
3d0819eb39ddaafd85830b44593c6e2194a9fdc9981e61c12735c16cfe86c40e1dca48dbe9daf2e978ffd086aff9a68e37f4bc1c8ddeb26330f012a3e0f3da38
-
SSDEEP
12288:00nCoPPuPnu9PFujeHuwVP9JfKUq985PbtGELfHcl/3fH7:0QH90muwVFJCL9ogEDclffH7
Score 1/10 — this is the score for the ZIP container itself, not a verdict on its contents; consult the per-file entries below (in particular Umbral.payload) before concluding anything about the archive.
-
-
Target
Mono.Cecil.Mdb.dll
-
Size
42KB
-
MD5
1c6aca0f1b1fa1661fc1e43c79334f7c
-
SHA1
ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d
-
SHA256
411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b
-
SHA512
1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76
-
SSDEEP
768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS
Score1/10 -
-
-
Target
Mono.Cecil.Mdb.pdb
-
Size
18KB
-
MD5
073d9d6c9c71f66151b84a376ede4a9d
-
SHA1
2101dfe180528b00af6596cc04af7d6d70eae943
-
SHA256
891251514aa16f94485263c52faba51bb5bb3495b9fad382c74f6c9da78718dd
-
SHA512
4135cbce4eebf255b143f3ef03525a0f9e0322a7a682584ec87b025aeaeb9c2d7294394bc9aacc87313047ac71c5b3b83429a93af4f4549f596c5a32b6587779
-
SSDEEP
384:uqgdBvkE/zECNLuSW5oAs+yj7tVcV6uGK2tmrNvnmBXizuXNYpkUkBqukOVOtq/y:NABvkE/znuSEMj7t++F9BquYKoZ
Score3/10 -
-
-
Target
Mono.Cecil.Pdb.dll
-
Size
87KB
-
MD5
6d5eb860c2be5dbeb470e7d3f3e7dda4
-
SHA1
80c76660b87c52127b1a7da48e27700f75362041
-
SHA256
447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4
-
SHA512
64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5
-
SSDEEP
1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO
Score 5/10 — Drops file in System32 directory. The file name matches the open-source Mono.Cecil PDB reader/writer library, i.e. a dependency shipped alongside the builder rather than the stealer payload; the signature is a generic heuristic, so treat this per-file score as context, not as a detection of Umbral.
-
-
-
Target
Mono.Cecil.Pdb.pdb
-
Size
25KB
-
MD5
711c5f65bd140e72ee30b33f14fbf100
-
SHA1
3e090fd877988c75ae1b225941d4cd1810dac62f
-
SHA256
7c3a6b12ef0676d3dc80a4e2b790f3dec4d7fdaa182b2181c3f6ee283b118a9e
-
SHA512
fa24633b751a940c2fbf4c5f91cfe4a50cda0554d748cab2d3a06e68677fd579490f6143e34b9ffa442d7e766e435553054d1a58eb15511509bc2ee38b53026b
-
SSDEEP
384:scLpiGBZv4MIakMhVPaN1NsDIsG0TypbdTWhmtqsqMfK35OWF1nbsALpmQVVj:scLgikcVPaJsssGGAdcm3fKhDsAFJ
Score3/10 -
-
-
Target
Mono.Cecil.Rocks.dll
-
Size
27KB
-
MD5
6e7f0f4fff6c49e3f66127c23b7f1a53
-
SHA1
14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a
-
SHA256
2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e
-
SHA512
0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e
-
SSDEEP
384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd
Score1/10 -
-
-
Target
Mono.Cecil.Rocks.pdb
-
Size
8KB
-
MD5
4c98b54bf658db95dfb4d1ae6bed2565
-
SHA1
c5a0035a75f52addeb730102fd67d3c63fe1c815
-
SHA256
5fcf9491b8d73f1f90a83ee7bda9097043903ba18822f1f22eacf92338b0d619
-
SHA512
72cf714bc20660f2ab18fbcd74b84e9aa7d85fe77482ebd3b135c5c6db0dc7ab2523c418ca3ff44f301eec66742cea3c11e6c9575bf9cec90906d60a156291b0
-
SSDEEP
192:bAHD2V/OLaMD04CRS68yhpMqxauyKixCEyKKJA5es:bOC02bHR7ZpMqxnyZx90A0s
Score3/10 -
-
-
Target
Mono.Cecil.dll
-
Size
350KB
-
MD5
de69bb29d6a9dfb615a90df3580d63b1
-
SHA1
74446b4dcc146ce61e5216bf7efac186adf7849b
-
SHA256
f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc
-
SHA512
6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015
-
SSDEEP
6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD
Score 5/10 — Drops file in System32 directory. The file name matches the open-source Mono.Cecil assembly-manipulation library (presumably used by the builder to patch its payload); the signature is a generic heuristic, so treat this per-file score as context, not as a detection of Umbral.
-
-
-
Target
Mono.Cecil.pdb
-
Size
179KB
-
MD5
9a345fce8746876db39aa5622a771163
-
SHA1
0ef737ac80d795638e3d1daeb218dd4f88a0e344
-
SHA256
ecf13638359a5a9fe271966924cf543c4b440c2dc274e9d94069ef50bbc95482
-
SHA512
d5cb744998ef5e54ed95e75e9f7acecd0ad02e466f618a13f485d287dcfb9890f17685010891795646e25a289c63a70c721b5069a5c1803290363a76612781d0
-
SSDEEP
3072:DLtRClW/rO9m0rXNabVUqeI9jZulTCJ4MuCbK7v:DnC8/batIZczn7v
Score3/10 -
-
-
Target
Umbral Builder.exe
-
Size
79KB
-
MD5
596a5541a68bcb4d5c606f4ca54fbbb5
-
SHA1
fcf605d48237f2413ab8a3c92b3337e12cc38121
-
SHA256
8e5653fb47d71c24d84ef6688606133661be290d7f395bc39fd7485389eb6426
-
SHA512
ef2121e13887852ff9ab9b5cf85dce6fc4d4b85dc0981b0bd33211dc9c5c95bb6595d1071030f093875567ab3be5aa6703d4759339a27a0b94d45807f1fbcf91
-
SSDEEP
1536:y5TnXqJ1MdYC0NE6BxI2HUxWuFXhZupcuS1WPqsVtBp:wTnX21MdYC0NE6BxI2HUxWuFXhZu+uqW
Score1/10 -
-
-
Target
Umbral Builder.exe.config
-
Size
187B
-
MD5
bb3bace47d39b305f86f95539d882cca
-
SHA1
e0d6602b767f059d5c6cab44eec766028dbf5898
-
SHA256
e36c91a45e9da4873fb89c02ae4e03a7dbfa6505d4c52834a5af054e54c50062
-
SHA512
a589fb2e269e0ebf440dc4cab7c095132baef7d2c0c3fa1079f47950682fe550df9ba54901dea7dbf0fa80050e7c963e187881a14d73bdd398d9b1746cfef0a5
Score3/10 -
-
-
Target
Umbral Builder.pdb
-
Size
95KB
-
MD5
e8b7b386f2a1bd9b882c2951d35bb752
-
SHA1
42dc39e18d71e9a3fa0f633ed609bb5796c2cb7f
-
SHA256
a9d40a95e257d6598419386dbdb717a2e044d4a75392212e019ba6664ddec40e
-
SHA512
9e3e88fa9957f7299be32aac18b04b9abeb529ce348e49b7ee3536b5e5f5aaa17acab130aa1bb2f0432c06b2915ec2dd63dc0ed0a43cf7bd192b731fc64943e3
-
SSDEEP
1536:VHjnA3ofdLINDm5/3f6RYD/BckCajjFWQNd3OxjjdWQN:FfdX93f6RYD/BJjjEjj
Score3/10 -
-
-
Target
Umbral.payload (appears as Umbral.exe in the file listing and in behavioral13 above — confirm by hash before relying on either name)
-
Size
214KB
-
MD5
3c8afbf0e5a3922c5947ad31114d684c
-
SHA1
ad321d5e7a381b74f92b8417249b80edebd2830d
-
SHA256
ab0377fa096635ef253a94df3982ce2d361413428cba8fe59b4ba3f10101f44a
-
SHA512
76a47a3113a69f8b09b6d4dae649e2025a9b3cb58c5803630d85123ccf97d2c30cd5a9160df2d77e0ec5e6fac81c2ab06eb0c259033c98b53f1bf1b3aa3509ae
-
SSDEEP
3072:iXoAc90eBB8Dp4Dbd95jaP6g81D2LpMYXol9rFl88e9Jls5T33OG3z:QclK25lgH78e9JSp3OG
Signature hit: Detect Umbral payload — this extracted file matched the sandbox's Umbral stealer detection rule. No numeric score is shown for it, but this is the most significant finding on the report; its hash set above (MD5 3c8afbf0e5a3922c5947ad31114d684c, SHA256 ab0377fa096635ef253a94df3982ce2d361413428cba8fe59b4ba3f10101f44a) is the one to use for blocking and hunting.
-
-
-
Target
Vestris.ResourceLib.dll
-
Size
76KB
-
MD5
944ce5123c94c66a50376e7b37e3a6a6
-
SHA1
a1936ac79c987a5ba47ca3d023f740401f73529b
-
SHA256
7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a
-
SHA512
4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b
-
SSDEEP
1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3
Score1/10 -
-
-
Target
jose-jwt.dll
-
Size
81KB
-
MD5
3932710fd1cfc829efaee90f08e74208
-
SHA1
105d65bfbc12e8e9c27d6dde9484bc85e7a7f77e
-
SHA256
a02b713b6a99cb0b3f85e9f389275bf904eee8be848b2a8c41507c64b264133a
-
SHA512
0ecb5a5b1ab5308f6c48428e244639f8d5f9a4514f9822a92f29798b1b3e7a0d60922c93543e637abd22613643feeb18cc17cdc9e906a06bc649971e678c0715
-
SSDEEP
1536:OglH/sWHgmHzzCr51o+ZpKEusq5RIH+qh7D259P5h3+F1AAy/Dc:OgyN1nK86Q7D2jPn3+F1AAyg
Score 5/10 — Drops file in System32 directory. The file name matches the open-source jose-jwt JWT library, another dependency bundled with the builder; the signature is a generic heuristic, so treat this per-file score as context, not as a detection of Umbral.
-