umbral | 8cec95cadb52efaf46fbd4342a8dba4b3dc6e99d12ed72898071fc2482419520 | Triage

Submit
Reports

Overview

overview

Static

static

1

Lavalink (2).jar

windows10-2004-x64

Sharing

General

Target

Lavalink (2).jar
Size

64.0MB
Sample

231208-1sqcbseeg9
MD5

f141ae90086969958a7ee8fa3b11db33
SHA1

d184f9b6543d6d275edd321c9c65cc11419d6139
SHA256

8cec95cadb52efaf46fbd4342a8dba4b3dc6e99d12ed72898071fc2482419520
SHA512

1c8205ed17972cbd7dc440c86bf39ac8fc7e16b6f701a736f0f02ff995b40b69d1eef0ae608192e8363ae5ed3e44b3b01d1db2b6b421400482bcff182e60cdb0
SSDEEP

1572864:d2itUw+2zdMDnqHP0CKHBYMlXEX4/4gRtQB4:vtUw+2R38CKHBYgo4/a4

Score

10^/10

umbral xworm discovery rat stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Lavalink (2).jar

Resource

win10v2004-20231130-de

umbral xworm discovery rat stealer trojan

windows10-2004-x64

17 signatures

1800 seconds

Malware Config

Extracted

Family

xworm

C2

owner-cc.gl.at.ply.gg:32281

Attributes

Install_directory
%AppData%
install_file
WindowsSoundSystem.exe

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1182794899272249374/0RAK-d1IIp_G9JphscLf5z-kuIMWAVGEU8Wy78vDGicqvlTsUJ6RjUqg5bgReS8M_pDx

Targets

- Target
  
  Lavalink (2).jar
- Size
  
  64.0MB
- MD5
  
  f141ae90086969958a7ee8fa3b11db33
- SHA1
  
  d184f9b6543d6d275edd321c9c65cc11419d6139
- SHA256
  
  8cec95cadb52efaf46fbd4342a8dba4b3dc6e99d12ed72898071fc2482419520
- SHA512
  
  1c8205ed17972cbd7dc440c86bf39ac8fc7e16b6f701a736f0f02ff995b40b69d1eef0ae608192e8363ae5ed3e44b3b01d1db2b6b421400482bcff182e60cdb0
- SSDEEP
  
  1572864:d2itUw+2zdMDnqHP0CKHBYMlXEX4/4gRtQB4:vtUw+2R38CKHBYgo4/a4
Score

10^/10

umbral xworm discovery rat stealer trojan
- Detect Umbral payload
- Detect Xworm Payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Executes dropped EXE
- Modifies file permissions
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralxwormdiscoveryratstealertrojan

© 2018-2025

Terms | Privacy