umbral | 9d74be4b5c98814c3a9729c891a8e902445cae0d3a061d4adaa13a65e22ad6f4

Resubmissions

26/10/2023, 13:47

26/10/2023, 13:47

max time kernel
1790s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/10/2023, 13:47

Target

# CELEX LEAKED.exe
Size

232KB
MD5

8442a7b4adbddab8cf5216ca4dc24b86
SHA1

a66d601df351ec4c6b7bb945bdcd3bf9141c5cc0
SHA256

4c8fbdef33997462e43be2a94db398957b0d7fb3158e93e408b2ea530a06aa27
SHA512

5d592e4f431349b03a4af51926384057a78d01d5568a1d1bcbe9f9bd05c6644d6c1ac37462e04352295aaae55ca1133761d17d1bc63b443987ceac666572fe2e
SSDEEP

6144:rloZM+rIkd8g+EtXHkv/iD4KKZoDiAfbozxUyzzqqub8e1mXi:poZtL+EP8KwoDiAfbozxUyzzqxZ

Score

10^/10

umbral stealer

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral2/memory/5100-0-0x00000296E44C0000-0x00000296E4500000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5100	# CELEX LEAKED.exe

C:\Users\Admin\AppData\Local\Temp\# CELEX LEAKED.exe
"C:\Users\Admin\AppData\Local\Temp\# CELEX LEAKED.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5100

memory/5100-0-0x00000296E44C0000-0x00000296E4500000-memory.dmp

Filesize
256KB

Download
memory/5100-1-0x00007FFDF8B20000-0x00007FFDF95E1000-memory.dmp

Filesize
10.8MB

Download
memory/5100-2-0x00000296FEBD0000-0x00000296FEBE0000-memory.dmp

Filesize
64KB

Download
memory/5100-3-0x00007FFDF8B20000-0x00007FFDF95E1000-memory.dmp

Filesize
10.8MB

Download
memory/5100-4-0x00000296FEBD0000-0x00000296FEBE0000-memory.dmp

Filesize
64KB

Download