umbral | Hentai[.]exe | Triage

Sharing

General

Target

Hentai.exe
Size

259KB
MD5

e58228a41eb53fd35fed0c1facdbe3a0
SHA1

27647d6d6926fd370c1158e940a5f101bf88e186
SHA256

2e43e4a91eb9abad534cf69f3275f8cba580e2ebd070b439e49d4019998f9548
SHA512

f13dd0c04045cdff35da4c71998d04854fbde679aecffa3a264a1308edbf5591f9d0d9434480b7909f39d1093344fdf84dfdcaac4d24b22fcee774e434df0645
SSDEEP

6144:+loZM9rIkd8g+EtXHkv/iD4BpsY2U7X8ktoGnnGrqb8e1m+iKwM:ooZOL+EP8BpsY2U7X8ktoGnnGCIKw

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1140504367066271857/QJm7RO1UKhTE3hBI2VWbks7XVSg-O5_gpVrnmyPIvJa1Zhzh-n-z-YnQOwCgh6WriLQ8

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
sample	family_umbral

Umbral family
umbral

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Hentai.exe

Files

Hentai.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ