Overview

overview

10

Static

static

3

PI NO HK06162023.exe

windows7-x64

10

PI NO HK06162023.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PI NO HK06162023.exe

  • Size

    326KB

  • Sample

    230721-mqtebaeg7s

  • MD5

    8049da05dd14298aba0faa157c721664

  • SHA1

    89e0d5226dfac3813466e8d9e4095d1648c19452

  • SHA256

    2b02dfe30d1bdad38df832a7164e71c8a0f28a5b780bc0b3a2eba7fbc7def0cb

  • SHA512

    4ec770d14e652cd102502544dd477b568242ecb69e288d38364a4e6bbbdf48a21934bfd6c1d76f3517c4279c2c6c62ce60dda3b6665140326c40a2f0630989ac

  • SSDEEP

    6144:nYa6xd9Zv5tVDRXf/C7g6ZhfTtITkv9FwgLm+8dNlbSEh0q:nYzdHZDRXnYLHfTt9FwgL81bd/

Score
10/10
umbralpersistencestealer

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1131836991311462550/-mkgzQhSrd73j6lwkfw8nMu_8fZA6dqs-ZNgHOUf_Y8udc7p78mFVaWigCq6Z5erPTXV

Targets

    • Target

      PI NO HK06162023.exe

    • Size

      326KB

    • MD5

      8049da05dd14298aba0faa157c721664

    • SHA1

      89e0d5226dfac3813466e8d9e4095d1648c19452

    • SHA256

      2b02dfe30d1bdad38df832a7164e71c8a0f28a5b780bc0b3a2eba7fbc7def0cb

    • SHA512

      4ec770d14e652cd102502544dd477b568242ecb69e288d38364a4e6bbbdf48a21934bfd6c1d76f3517c4279c2c6c62ce60dda3b6665140326c40a2f0630989ac

    • SSDEEP

      6144:nYa6xd9Zv5tVDRXf/C7g6ZhfTtITkv9FwgLm+8dNlbSEh0q:nYzdHZDRXnYLHfTt9FwgL81bd/

    Score
    10/10
    umbralpersistencestealer

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

      stealerumbral

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks