General
Target: Umbral.exe
Size: 262KB
MD5: dc6b2b0cc8b7bb172f8c8ba71ed9ffd9
SHA1: 62c4ba576ac76491c2e9ad7939e8253013ecbc74
SHA256: eb09b9e81896dc59b142fc7129f2926a6682d5499269cd67eb257d3234068a03
SHA512: 708eaa8bf9ddd2170cb5705cd7ec522225a19e5c6f6d18ce426b54a2149f0fc18c6d8735f84c8b9799dc44722886d2dbdc328eeb47f45876cec007cbd76cdd35
SSDEEP: 6144:mloZM+rIkd8g+EtXHkv/iD4sFcCFdW5j+ctBI353RtYZC8e1m4hWi+wM:QoZtL+EP8sFcCFdW5j+ctBIZ7YC3b+w
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1140504367066271857/QJm7RO1UKhTE3hBI2VWbks7XVSg-O5_gpVrnmyPIvJa1Zhzh-n-z-YnQOwCgh6WriLQ8
Signatures
Detect Umbral payload (1 IoC)
  resource: yara_rule sample family_umbral
  Umbral family
Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: Umbral.exe
Files
Umbral.exe.exe windows x86
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
  IMAGE_DLLCHARACTERISTICS_NX_COMPAT
  IMAGE_DLLCHARACTERISTICS_NO_SEH
  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
  IMAGE_FILE_EXECUTABLE_IMAGE
  IMAGE_FILE_LARGE_ADDRESS_AWARE
  IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree
    _CorExeMain
Sections
.text  Size: 228KB - Virtual size: 227KB
  IMAGE_SCN_CNT_CODE
  IMAGE_SCN_MEM_EXECUTE
  IMAGE_SCN_MEM_READ
.rsrc  Size: 33KB - Virtual size: 32KB
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_READ
.reloc  Size: 512B - Virtual size: 12B
  IMAGE_SCN_CNT_INITIALIZED_DATA
  IMAGE_SCN_MEM_DISCARDABLE
  IMAGE_SCN_MEM_READ