General

  • Target

    Umbral.exe

  • Size

    228KB

  • Sample

    230821-bkd7nabg71

  • MD5

    18035d182c38cd4bdac10b181d956b32

  • SHA1

    7a024ccc6625b4c232064cff47dc52b3d3efe4fe

  • SHA256

    e15b1ff3eb180023710277f71246a22b705ff26a4826789a004b77137df5d30d

  • SHA512

    9cd6c414a15ae3cf89756f081e464c5e8ecf2951dd546a7930d88d31abb48ce37ba263ad18d0c3cdb74090ce0f85847d6747c183b61274c43f9f9f445a077566

  • SSDEEP

    6144:kloZMIrIkd8g+EtXHkv/iD4LQ1DjpaC9uop7mGzuib8e1mBi:CoZnL+EP8LQ1DjpaC9uop7mGzhj

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1142980339636109362/qohfOqTYDAaC8YtKuRZ1oufQY7vSb5mvD9vCE3GyKk9lZ6xiwNkGQ4RhSWS4Dr6Vqn1u

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks