umbral | e3b085539ea01820a02ac0c6e251e8a4424ee16b6d7b79593e52a63c0d314b84 | Triage

Submit
Reports

Overview

overview

Static

static

1hackNova7.40.exe

windows7-x64

1hackNova7.40.exe

windows10-2004-x64

Sharing

General

Target

1hackNova7.40.exe
Size

227KB
Sample

230904-ys6yzabc98
MD5

6badeb1e9a87fad28128236eecb46c32
SHA1

d89bb6ceff7d56c176147e62e17107815328a625
SHA256

e3b085539ea01820a02ac0c6e251e8a4424ee16b6d7b79593e52a63c0d314b84
SHA512

e5e92ed460e9b5da48c8100aca7617652bcac2a348042400c380a06cfae4d746c464c4c75fd92542015d6619f83ba7bf51e066ea9d49d412042890e3d2bd0e19
SSDEEP

6144:OloZMCrIkd8g+EtXHkv/iD44KANHdmOhqU9va6vhlb8e1mnii:YoZZL+EP84KANHdmOhqU9va6v3g

Score

10^/10

umbral spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

1hackNova7.40.exe

Resource

win7-20230831-en

umbral spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1hackNova7.40.exe

Resource

win10v2004-20230831-en

umbral spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1136820974357061754/hMoo-2crRNsWYIIUpDTPVSQrcVffVnsRIWRpah9vG4GAcVLQak5tOzwuT94Ky4ND7lmc

Targets

- Target
  
  1hackNova7.40.exe
- Size
  
  227KB
- MD5
  
  6badeb1e9a87fad28128236eecb46c32
- SHA1
  
  d89bb6ceff7d56c176147e62e17107815328a625
- SHA256
  
  e3b085539ea01820a02ac0c6e251e8a4424ee16b6d7b79593e52a63c0d314b84
- SHA512
  
  e5e92ed460e9b5da48c8100aca7617652bcac2a348042400c380a06cfae4d746c464c4c75fd92542015d6619f83ba7bf51e066ea9d49d412042890e3d2bd0e19
- SSDEEP
  
  6144:OloZMCrIkd8g+EtXHkv/iD44KANHdmOhqU9va6vhlb8e1mnii:YoZZL+EP84KANHdmOhqU9va6v3g
Score

10^/10

umbral spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralspywarestealer

behavioral2

umbralspywarestealer

© 2018-2025

Terms | Privacy