General

  • Target

    Windows_Office Activator By RXS.bin.zip

  • Size

    775KB

  • Sample

    231011-p89kcsha3v

  • MD5

    c788ac054575d3709b0f592fa400bc7e

  • SHA1

    9045270af8716d7724a62b0c5654e6930280a9e3

  • SHA256

    369eac068fdcfd38726f9f5ef813f1ddee9ada72ccf1dde4bbc28c908e3cc6d2

  • SHA512

    ba5ec4ef8137fa1b62bcca082a8110afaef9f04bdbe40e5d6c5cdb35b4adf5c2fd72b8716f94604474d8114b1bb1238b45fe665c9fb70ff79ee40e9f9eb1a88a

  • SSDEEP

    24576:TGqsVdxf6by2mIw9jfT49fib6iReiCXIr8U:Idxb20l26bZlCXO5

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1155956024495308830/o395pHkaR0VtcxpxF8d-fTNY_r32FGWRVqhqpd3v2J7ysT_PVR1FckU2n2mU2vV4jiQL

Targets

    • Target

      Windows_Office Activator By RXS.bin

    • Size

      779KB

    • MD5

      7fc8b5c1779a9aeeecfcb4241e263d00

    • SHA1

      e106ecab86ae0aa5fd94bffe49279fe793bb5e2c

    • SHA256

      a8f2fe0ab643b948071bdb619fd4579740336e5744bfd4f2aed4c674f7c75f4f

    • SHA512

      b99b746339cff5142d504bdeb4551d305034f8463f991100f200f83e10805a79c573a611a4a24558c4c41eab7460f5dafecd40c69fdc32d4c0faefd86285c947

    • SSDEEP

      24576:FBuDErbOl69QjPPN15Nxtug2GNqfpcgHN:zuUE6aVNxtlaRc0N

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source, modular stealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (refusing to run in certain locales).

    • Executes dropped EXE
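The "Extracted" block above shows the one piece of configuration that matters for this family: a Discord webhook used as the C2 channel. The following is an added example of how an analyst can reproduce that extraction and check a file against the report's hashes; it is not the sandbox's own extractor and not code from the Umbral project. It scans for ASCII and UTF-16LE strings (a C# binary keeps its literals in the UTF-16 user-string heap), matches the Discord webhook URL shape, and additionally decodes base64 runs as a generic extra step that the report above does not claim this sample uses. The input blob is constructed here and only contains the webhook URL and SHA-256 values quoted in the report.

```python
"""Extract Discord-webhook C2s from an Umbral-style .NET stealer and compare
hashes with the report's IOCs.  Added example, not the sandbox's tooling."""
import base64
import binascii
import hashlib
import re
from typing import Dict, List, Optional

# IOCs copied verbatim from the report above.
IOC_SHA256: Dict[str, str] = {
    "369eac068fdcfd38726f9f5ef813f1ddee9ada72ccf1dde4bbc28c908e3cc6d2":
        "Windows_Office Activator By RXS.bin.zip",
    "a8f2fe0ab643b948071bdb619fd4579740336e5744bfd4f2aed4c674f7c75f4f":
        "Windows_Office Activator By RXS.bin",
}
WEBHOOK = ("https://discord.com/api/webhooks/1155956024495308830/"
           "o395pHkaR0VtcxpxF8d-fTNY_r32FGWRVqhqpd3v2J7ysT_PVR1FckU2n2mU2vV4jiQL")
IOC_C2 = {WEBHOOK}

# Discord webhook URL: numeric snowflake id, then a urlsafe-base64-looking token.
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(\d{17,20})/([A-Za-z0-9_-]{50,100})")
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")            # like `strings -a`
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")    # like `strings -el`
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")      # standard-alphabet base64


def printable_strings(data: bytes) -> List[str]:
    """ASCII and UTF-16LE printable runs; .NET string literals are UTF-16LE."""
    out = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return out


def base64_layers(s: str) -> List[str]:
    """Decode base64-looking runs that yield printable ASCII (generic step,
    not something the report shows this sample doing)."""
    layers = []
    for m in B64_RUN.finditer(s):
        try:
            layers.append(base64.b64decode(m.group(), validate=True).decode("ascii"))
        except (binascii.Error, UnicodeDecodeError, ValueError):
            pass
    return layers


def extract_webhooks(data: bytes) -> List[str]:
    """Unique Discord webhook URLs found in the blob, in discovery order."""
    found: List[str] = []
    for s in printable_strings(data):
        for text in [s] + base64_layers(s):
            for m in WEBHOOK_RE.finditer(text):
                if m.group(0) not in found:
                    found.append(m.group(0))
    return found


def hashes(data: bytes) -> Dict[str, str]:
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def triage(data: bytes) -> Dict[str, object]:
    """Hash the blob, name it if the SHA-256 is in the report, pull the C2."""
    h = hashes(data)
    c2 = extract_webhooks(data)
    known: Optional[str] = IOC_SHA256.get(h["sha256"])
    return {"hashes": h, "known_sample": known, "c2": c2,
            "c2_matches_report": [u for u in c2 if u in IOC_C2]}


# Constructed stand-in for the binary: a fake MZ header, the webhook as a
# UTF-16LE literal, and some trailing junk.  Not bytes from the real sample.
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 16
          + WEBHOOK.encode("utf-16-le") + b"\x00\x00" + b"\xffjunk")
# Same URL wrapped in base64, to exercise the generic decode layer.
SAMPLE_B64 = base64.b64encode(WEBHOOK.encode())

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

On a real file, pass `open(path, "rb").read()` to `triage()`; a SHA-256 match against `IOC_SHA256` confirms you hold one of the two objects from this report, and a hit in `c2_matches_report` confirms the same webhook. A webhook extracted from a new build should be reported to Discord for takedown rather than probed, since a GET on a live webhook URL is itself a signal to the operator.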

MITRE ATT&CK Enterprise v15

Tasks