Resubmissions

  • 07-08-2023 14:12  230807-rh5jtsgh6z  score 10

  • 07-08-2023 14:09  230807-rga9lagh6v  score 6

  • 07-08-2023 14:03  230807-rcyt4agh5z  score 4

General

  • Target

    ProtonVPN_v3.0.7.exe

  • Size

    74.2MB

  • Sample

    230807-rh5jtsgh6z

  • MD5

    4205260ed66ce9e31f8c4b6b6ddc0d2f

  • SHA1

    c11fd487094820a0c87399477638a6da56fba6e8

  • SHA256

    2b4ae19913ee3d15751b95d05c1efe794c174e802d0a352fed333c2a6396fd1e

  • SHA512

    976b29a7442f179df10fa23c4b00746097334a63f0e74956c71fca443cf3f0ec282cb7a46759b178d09f46aedc450f11afa62b3219261bf221a20e36d531183b

  • SSDEEP

    1572864:TjIr5oRymmju9NtSokfOYHWoaWa2QtDoGV3TEoUxf:3Ir59KNtSoDm8jFoGVjE3

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1137687380174831626/voli1BCSnPDoysnLJlSdf6B6hRqZm0KbYZHfjD6nEAZOqkcOmj8-li8vL-d89dFj65E1

Targets

    • Target

      ProtonVPN_v3.0.7.exe

    • Size

      74.2MB

    • MD5

      4205260ed66ce9e31f8c4b6b6ddc0d2f

    • SHA1

      c11fd487094820a0c87399477638a6da56fba6e8

    • SHA256

      2b4ae19913ee3d15751b95d05c1efe794c174e802d0a352fed333c2a6396fd1e

    • SHA512

      976b29a7442f179df10fa23c4b00746097334a63f0e74956c71fca443cf3f0ec282cb7a46759b178d09f46aedc450f11afa62b3219261bf221a20e36d531183b

    • SSDEEP

      1572864:TjIr5oRymmju9NtSokfOYHWoaWa2QtDoGV3TEoUxf:3Ir59KNtSoDm8jFoGVjE3

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source, modular stealer written in C#; it exfiltrates collected data through a Discord webhook, which is the C2 extracted above.

    • Legitimate hosting services abused for malware hosting/C2
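Because the extracted C2 is a Discord webhook embedded in a .NET binary, a triage script that only runs an ASCII `strings` pass over the file misses it: C# string literals live in the assembly's #US heap as UTF-16LE. The following is an added example (not code from the report or from the sandbox that produced it) that computes the same digest set the report lists, matches the SHA256 against the IOC above, and extracts Discord webhook URLs in both ASCII and UTF-16LE encodings. The sample bytes it scans are constructed here as a stand-in for the real file, so the hash check is expected to fail while the C2 check succeeds; the regex variants for `discordapp.com`, `ptb.` and `canary.` hosts are my own assumption about what other stealer builds use, not something the report states.

```python
import hashlib
import re

# IOCs taken from the report above: the sample's SHA256 and the extracted Umbral C2.
IOC_SHA256 = "2b4ae19913ee3d15751b95d05c1efe794c174e802d0a352fed333c2a6396fd1e"
IOC_C2 = ("https://discord.com/api/webhooks/1137687380174831626/"
          "voli1BCSnPDoysnLJlSdf6B6hRqZm0KbYZHfjD6nEAZOqkcOmj8-li8vL-d89dFj65E1")

# Discord webhook URL: snowflake id (17-20 digits) followed by a URL-safe token.
# The ptb./canary./discordapp.com variants are an assumption, added for coverage.
_WEBHOOK = (r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
            r"\d{17,20}/[A-Za-z0-9_-]{30,}")
WEBHOOK_BYTES = re.compile(_WEBHOOK.encode())
WEBHOOK_TEXT = re.compile(_WEBHOOK)


def file_hashes(data: bytes) -> dict[str, str]:
    """Digests in the same set the report lists, for matching against the IOC table."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def extract_webhooks(data: bytes) -> list[str]:
    """Return unique Discord webhook URLs found in raw bytes.

    Scans plain ASCII/UTF-8 first, then UTF-16LE at both byte alignments,
    because a C# stealer such as Umbral stores its literals UTF-16LE in the
    .NET #US heap, where an ASCII-only strings pass does not see them.
    """
    hits: list[str] = []
    for m in WEBHOOK_BYTES.finditer(data):
        hits.append(m.group(0).decode("ascii"))
    for offset in (0, 1):  # a UTF-16LE string may start at an odd offset
        text = data[offset:].decode("utf-16-le", errors="ignore")
        hits.extend(WEBHOOK_TEXT.findall(text))
    return list(dict.fromkeys(hits))  # dedupe, keep first-seen order


def triage(data: bytes) -> dict:
    """Combine the hash match and the C2 extraction into one verdict record."""
    digests = file_hashes(data)
    webhooks = extract_webhooks(data)
    return {
        "sha256": digests["sha256"],
        "hash_matches_report": digests["sha256"] == IOC_SHA256,
        "webhooks": webhooks,
        "c2_matches_report": IOC_C2 in webhooks,
    }


# Constructed stand-in for a .NET stealer body (NOT the real ProtonVPN_v3.0.7.exe):
# filler bytes, the report's C2 embedded UTF-16LE at an odd offset, and a decoy
# ASCII Discord API URL that is not a webhook and must not be reported.
SAMPLE = (
    b"MZ\x90\x00" + bytes(range(256)) + b"\x00"
    + IOC_C2.encode("utf-16-le")
    + b"\x00\x00https://discord.com/api/v10/users/@me"
    + bytes(range(255, -1, -1))
)

if __name__ == "__main__":
    verdict = triage(SAMPLE)
    print("sha256:", verdict["sha256"])
    print("hash matches report:", verdict["hash_matches_report"])
    print("webhooks:", verdict["webhooks"])
    print("C2 matches report:", verdict["c2_matches_report"])
```

Run against a real file with `triage(open(path, "rb").read())`; a `True` on `hash_matches_report` means the bytes are the exact sample from this report, while a `True` on `c2_matches_report` alone catches a repacked or padded build that still talks to the same webhook, which is the more useful pivot once the hash has been changed by the operator.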

MITRE ATT&CK Enterprise v15

Tasks