Resubmissions
16-11-2023 14:41
231116-r2taxacd86 (score 10)
General
Target: Chad Manager (QUEST).exe
Size: 362KB
MD5: cca5bab38fe75d3683b7355f1084007a
SHA1: c2f0c7ffd1cf73c0f2f4a6c881150e1cb78288c0
SHA256: d57da5841f0117edb2cd41d92c03de6385bbe69563abbcd902b8e09a111824e8
SHA512: afe550e0007e76483c84cf3d9c0341240f45d715bbb192fa04aa0ab55e7baf8cb2a0332267869a123c846cd1389ed060dfaec7ea8d40b6110f234965436b7fd9
SSDEEP: 6144:PcyHIGadsUS0O3ulKjb8eNHOJZCDv4zMYAU:Pc+IG9/jR
Malware Config
Extracted config (family: umbral)
Discord webhook: https://discord.com/api/webhooks/1099530385500672010/v1L-vI2_V9Aqx-ynFN75S3tPemD4r2wKTC9J6RMsGD49q8zKhKwCqt6KEOb5mbuKSV1A
Signatures
Detect Umbral payload (1 IoC)
resource: sample, yara_rule: family_umbral
Umbral family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: Chad Manager (QUEST).exe
Files
Chad Manager (QUEST).exe.exe
windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain (the CLR entry stub; a file whose only native import is mscoree!_CorExeMain is a .NET assembly, and its real logic lives in managed code that the native import table does not show)
Sections
.text Size: 212KB - Virtual size: 212KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 149KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
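The Unsigned PE signature and the header listing above are derived from the PE headers alone. As an added example (not the sandbox's own detection code), the Python below parses only those headers with the standard library: it decodes the file and DLL characteristics bits, tests the Security data directory (index 4) for an Authenticode certificate table, and tests the CLR runtime header directory (index 14) as a second indicator of a .NET image alongside the mscoree import. Since the real file is not on the page, build_minimal_pe constructs a header-only image carrying the values the report lists; dotnet=True there is an assumption inferred from the mscoree!_CorExeMain import, not a field the report prints. Sections and the import table are not parsed.

```python
import struct
from typing import Dict, List, Tuple

# Bit values from the PE/COFF specification.
DLL_CHARACTERISTICS = {
    0x0020: "IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA",
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0080: "IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x0400: "IMAGE_DLLCHARACTERISTICS_NO_SEH",
    0x4000: "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
FILE_CHARACTERISTICS = {
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0020: "IMAGE_FILE_LARGE_ADDRESS_AWARE",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
MACHINES = {0x014C: "x86", 0x8664: "x64"}
DIR_SECURITY, DIR_CLR = 4, 14   # data directory indices


def _flags(value: int, table: Dict[int, str]) -> List[str]:
    return [name for bit, name in sorted(table.items()) if value & bit]


def inspect_pe(data: bytes) -> dict:
    """Read COFF/optional headers and the Security and CLR data directories."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _ns, _ts, _sym, _nsym, _optsz, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                       # COFF header is 20 bytes
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        dd_off = 96                       # PE32: directories follow a 96-byte optional header
    elif magic == 0x20B:
        dd_off = 112                      # PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    ndirs = struct.unpack_from("<I", data, opt + dd_off - 4)[0]

    def directory(i: int) -> Tuple[int, int]:
        if i >= ndirs:
            return (0, 0)
        return struct.unpack_from("<II", data, opt + dd_off + 8 * i)

    _sec_off, sec_size = directory(DIR_SECURITY)   # Authenticode certificate table
    clr_va, _clr_size = directory(DIR_CLR)         # IMAGE_COR20_HEADER
    findings = []
    if sec_size == 0:
        findings.append("unsigned: no Authenticode certificate table")
    if clr_va:
        findings.append("dotnet: CLR runtime header present")
    if magic == 0x10B and dll_chars & 0x0020:
        findings.append("HIGH_ENTROPY_VA set on a PE32 image (only affects 64-bit ASLR)")
    return {
        "arch": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _flags(file_chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flags(dll_chars, DLL_CHARACTERISTICS),
        "signed": sec_size != 0,
        "dotnet": clr_va != 0,
        "findings": findings,
    }


def build_minimal_pe(file_chars: int, dll_chars: int, signed: bool, dotnet: bool) -> bytes:
    """Constructed header-only PE32 image for testing; not a runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96 + 16 * 8, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)                           # NumberOfRvaAndSizes
    dirs = bytearray(16 * 8)
    if signed:
        struct.pack_into("<II", dirs, DIR_SECURITY * 8, 0x1000, 0x800)
    if dotnet:
        struct.pack_into("<II", dirs, DIR_CLR * 8, 0x2008, 0x48)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(dirs)


# Header values copied from the report; dotnet=True is an assumption from the
# mscoree!_CorExeMain import (constructed image, not the real file).
REPORT_SAMPLE = build_minimal_pe(
    file_chars=0x0002 | 0x0020 | 0x0100,
    dll_chars=0x0020 | 0x0040 | 0x0100 | 0x0400 | 0x8000,
    signed=False, dotnet=True)

if __name__ == "__main__":
    for k, v in inspect_pe(REPORT_SAMPLE).items():
        print(k, v)
```

On a real file call `inspect_pe(open(path, "rb").read())`. A non-empty Security directory only says a certificate table exists; it does not validate the chain, so treat it as "has a signature" rather than "is trusted".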