umbral | 35e27fd1445c11bcceede5059823629f428058d70d182dffc4d02ce0a5a5ae41 | Triage

Submit
Reports

Overview

overview

Static

static

7

ConsoleApp...ed.exe

windows10-2004-x64

Sharing

General

Target

ConsoleApplication1_protected.exe
Size

24.9MB
Sample

231105-dsgnvscb79
MD5

c79c2a913c7dac3db3567375a7643cfc
SHA1

fa76240f3722352c6598d3992c95cac12dca53c8
SHA256

35e27fd1445c11bcceede5059823629f428058d70d182dffc4d02ce0a5a5ae41
SHA512

990c0f24ba3a96ec21b16b2ce3f9870b4d8fc70a35f66af14b2ca6619545e276a24e5bbb21545befa9e96283e5be07c6481fac24378c6b8257d23105a718b05a
SSDEEP

393216:ZRM3IIVoIhlU9KTC+DMo1UoLEc6+0A65dcbyReDhWARlH7ptR3VeWc8CZkoU:ZS3VoRVNoIcsR5djeDhpRlH7fRIRrk5

Score

10^/10

umbral evasion stealer themida trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ConsoleApplication1_protected.exe

Resource

win10v2004-20231023-en

umbral evasion stealer themida trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1170536634891128902/hdNxkvpSxRXfW2ouud2imDE8eFbcAfoi3fBBxpcoRyxI8E-rxHT7NHLuI-Q-ThYq7M3H

Targets

- Target
  
  ConsoleApplication1_protected.exe
- Size
  
  24.9MB
- MD5
  
  c79c2a913c7dac3db3567375a7643cfc
- SHA1
  
  fa76240f3722352c6598d3992c95cac12dca53c8
- SHA256
  
  35e27fd1445c11bcceede5059823629f428058d70d182dffc4d02ce0a5a5ae41
- SHA512
  
  990c0f24ba3a96ec21b16b2ce3f9870b4d8fc70a35f66af14b2ca6619545e276a24e5bbb21545befa9e96283e5be07c6481fac24378c6b8257d23105a718b05a
- SSDEEP
  
  393216:ZRM3IIVoIhlU9KTC+DMo1UoLEc6+0A65dcbyReDhWARlH7ptR3VeWc8CZkoU:ZS3VoRVNoIcsR5djeDhpRlH7fRIRrk5
Score

10^/10

umbral evasion stealer themida trojan
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralevasionstealerthemidatrojan

© 2018-2025

Terms | Privacy