Behavioral task
behavioral1
Sample
RUNTWAREV2.exe
Resource
win7-20231023-en
General
-
Target
RUNTWAREV2.exe
-
Size
227KB
-
MD5
6a3f3ce9e59e7f8b18895edb0ccb8e4f
-
SHA1
81da4be170d0e4be51014e5bccc89c09f0c95202
-
SHA256
dee17b4eadaee39276596882c2c60a1b59451017aa91f5c255dee92ae6689449
-
SHA512
b9caa7e6020d9c7b2442b351a03215a4dece45613918936f848de180b5da92286a20ea8527c676b6fd0d4843a7c2fd9f9123c85c8630e62b883a907ae0101fba
-
SSDEEP
6144:+loZM+rIkd8g+EtXHkv/iD44AummkrHMV9YW3X2cAb8e1mxzOi:ooZtL+EP84AummkrHMV9YW3X21Azj
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1178414555500662874/3K_NTX49w4HoBfQ2mxqBA5rbiJf28MYcn8clV-B06GIV1M_UZq1dpXpzq5rEHUVcDrzk
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource RUNTWAREV2.exe
Files
-
RUNTWAREV2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 224KB - Virtual size: 224KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ