umbral | 8b69239c6c167f4d06abefc55e7e554a2c3d3d31de0b64cb9500ec45f1c24fef | Triage

Submit
Reports

Overview

overview

Static

static

3

VM1.-.x64.exe

windows11-21h2-x64

Sharing

General

Target

VM1.-.x64.exe
Size

837KB
Sample

231208-aferyshe9t
MD5

6b7fe527dd88ea7c4fc10e3aa4bebd71
SHA1

5272f90277e0b3dfae74322ec109d45e7daf6ccd
SHA256

8b69239c6c167f4d06abefc55e7e554a2c3d3d31de0b64cb9500ec45f1c24fef
SHA512

ac3c0d38bd6cd2a3c1355fbb3750d255d3552300950a8811caef7b4b211e8fbae5cfd69b522a71eaae6b3a20c1be0895400d68147ae768b00ffb1c42e7ae6f19
SSDEEP

24576:xm2D/+vZGgMPTDshxquGKFzFTSpkPInW:xDD/+hXMPM9FTFInW

Score

10^/10

umbral xworm rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VM1.-.x64.exe

Resource

win11-20231128-en

umbral xworm rat stealer trojan

windows11-21h2-x64

19 signatures

1800 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1179573880306806895/9PPafRuKqunRXMBgRp7lwh-lO7PV6gpu6bih39np__mk8ZAghkJ95dBDKUvofe3l-iRe

https://discord.com/api/webhooks/1182449804958248970/DRF0ya2e3evg84K0Bvj6KDwl3i7xtSWZ3g0gIs0o-TUVRK-JP1st19-yHi5V8uo23sfe

Extracted

Family

xworm

C2

owner-cc.gl.at.ply.gg:32281

Attributes

install_file
USB.exe

Targets

- Target
  
  VM1.-.x64.exe
- Size
  
  837KB
- MD5
  
  6b7fe527dd88ea7c4fc10e3aa4bebd71
- SHA1
  
  5272f90277e0b3dfae74322ec109d45e7daf6ccd
- SHA256
  
  8b69239c6c167f4d06abefc55e7e554a2c3d3d31de0b64cb9500ec45f1c24fef
- SHA512
  
  ac3c0d38bd6cd2a3c1355fbb3750d255d3552300950a8811caef7b4b211e8fbae5cfd69b522a71eaae6b3a20c1be0895400d68147ae768b00ffb1c42e7ae6f19
- SSDEEP
  
  24576:xm2D/+vZGgMPTDshxquGKFzFTSpkPInW:xDD/+hXMPM9FTFInW
Score

10^/10

umbral xworm rat stealer trojan
- Detect Umbral payload
- Detect Xworm Payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralxwormratstealertrojan

© 2018-2025

Terms | Privacy