umbral | 8161798db8edce12fa902151dda8562edbec804bd2e5256e4ed35124ecf4891e | Triage

Submit
Reports

Overview

overview

Static

static

3

Edge.exe

windows10-2004-x64

Sharing

General

Target

Edge.exe
Size

375KB
Sample

230714-ca5gjabh27
MD5

9c0a7d6267feb0e77ddf181e95d48b72
SHA1

ebbe54a2eb63652e5d75e5875410d914b5b4928c
SHA256

8161798db8edce12fa902151dda8562edbec804bd2e5256e4ed35124ecf4891e
SHA512

426eca46895bd1d2d98c6a586e535e0f39ad55145b4ca6d56ed972f9e96e9ac521a10094a8447cabc3c27d29c6880ac3401f1a22d2c48a49aa8655e363ba4096
SSDEEP

6144:tfWwGYVWUBA5Kw3J92q4Eh7E7PBl0gvv1+TrEuoA0k9M+BK578+9pe5v0WURy:sYVWyI3J98Ei7PBl0g8rELA0nz5oQNWw

Score

10^/10

umbral persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Edge.exe

Resource

win10v2004-20230703-en

umbral persistence stealer

windows10-2004-x64

15 signatures

1800 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1126841818676469870/wKxpU1x96IZptY7EnGleqZ9QSvJnnb_kUZs-okVDW4YwrmKMhSdXUiJ2NC1IkE5gclP3

Targets

- Target
  
  Edge.exe
- Size
  
  375KB
- MD5
  
  9c0a7d6267feb0e77ddf181e95d48b72
- SHA1
  
  ebbe54a2eb63652e5d75e5875410d914b5b4928c
- SHA256
  
  8161798db8edce12fa902151dda8562edbec804bd2e5256e4ed35124ecf4891e
- SHA512
  
  426eca46895bd1d2d98c6a586e535e0f39ad55145b4ca6d56ed972f9e96e9ac521a10094a8447cabc3c27d29c6880ac3401f1a22d2c48a49aa8655e363ba4096
- SSDEEP
  
  6144:tfWwGYVWUBA5Kw3J92q4Eh7E7PBl0gvv1+TrEuoA0k9M+BK578+9pe5v0WURy:sYVWyI3J98Ei7PBl0g8rELA0nz5oQNWw
Score

10^/10

umbral persistence stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralpersistencestealer

© 2018-2025

Terms | Privacy