umbral | 2220cf943e357754b35ea78fc1b0ec8801130409dc0e5c49854957f140dd2852 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

byfron_bypass.exe

windows10-2004-x64

Sharing

General

Target

byfron_bypass.exe
Size

18KB
Sample

231208-aph6qsgc68
MD5

5bd350bc71289dbd7c51db52c088870d
SHA1

2f5ea7492c82f84c2e1c7731fe761f9ec6999e2a
SHA256

2220cf943e357754b35ea78fc1b0ec8801130409dc0e5c49854957f140dd2852
SHA512

dab49aac7c7b03b92e4bef6022ff7beb00ed2b30313f4d5b9e5789434058a7c21d3065f0f2a6ddaf3be1e8790241fb0a36ef5e888f6a4cbd7478cde4df83c3c6
SSDEEP

384:GdCbT8Fa1Tu4nX19ZDkOJtLgwrbj8qL2wNoFmqOk7o9:9dFXDkO3gwr9LS7o9

Score

10^/10

umbral xworm rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

byfron_bypass.exe

Resource

win10v2004-20231201-es

umbral xworm rat stealer trojan

windows10-2004-x64

16 signatures

1200 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1182449804958248970/DRF0ya2e3evg84K0Bvj6KDwl3i7xtSWZ3g0gIs0o-TUVRK-JP1st19-yHi5V8uo23sfe

Extracted

Family

xworm

C2

owner-cc.gl.at.ply.gg:32281

Attributes

Install_directory
%AppData%
install_file
WindowsSoundSystem.exe

Targets

- Target
  
  byfron_bypass.exe
- Size
  
  18KB
- MD5
  
  5bd350bc71289dbd7c51db52c088870d
- SHA1
  
  2f5ea7492c82f84c2e1c7731fe761f9ec6999e2a
- SHA256
  
  2220cf943e357754b35ea78fc1b0ec8801130409dc0e5c49854957f140dd2852
- SHA512
  
  dab49aac7c7b03b92e4bef6022ff7beb00ed2b30313f4d5b9e5789434058a7c21d3065f0f2a6ddaf3be1e8790241fb0a36ef5e888f6a4cbd7478cde4df83c3c6
- SSDEEP
  
  384:GdCbT8Fa1Tu4nX19ZDkOJtLgwrbj8qL2wNoFmqOk7o9:9dFXDkO3gwr9LS7o9
Score

10^/10

umbral xworm rat stealer trojan
- Detect Umbral payload
- Detect Xworm Payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralxwormratstealertrojan

© 2018-2025

Terms | Privacy