umbral | c73691a41f00ef9996d4dc6c045630d279e181bad3637b284f60479e62881c0c | Triage

Submit
Reports

Overview

overview

Static

static

3

Z1ON Dot N...or.exe

windows10-1703-x64

Sharing

General

Target

Z1ON Dot Net Obfuscator.exe
Size

1.9MB
Sample

231215-1chbsahdbp
MD5

8ec9b900dbb217f1569c50c14d4adf34
SHA1

d73701be4fc77450549011cc6c19f37feddcf5b4
SHA256

c73691a41f00ef9996d4dc6c045630d279e181bad3637b284f60479e62881c0c
SHA512

4486419c5b338a17e813acbca2a5300ce085e172a588ae93bec3927fada2ad0f763dff34a944370fc350ea48c6ed9752a2da553309fe5cefffb81811eed39f6b
SSDEEP

49152:wZz/tPlg5nvjlIQH6gVTBicEE0ZPnQvEtQo3A:wZTtPaR7d5IRQvQl

Score

10^/10

umbral stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Z1ON Dot Net Obfuscator.exe

Resource

win10-20231215-en

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1181926505694105630/CE5sVzq-GthkGDnvcUQZk7Evr9osSekTkqbwPbUukyJDim0j7oTaR65R-5mv1Sfx-3Re

Targets

- Target
  
  Z1ON Dot Net Obfuscator.exe
- Size
  
  1.9MB
- MD5
  
  8ec9b900dbb217f1569c50c14d4adf34
- SHA1
  
  d73701be4fc77450549011cc6c19f37feddcf5b4
- SHA256
  
  c73691a41f00ef9996d4dc6c045630d279e181bad3637b284f60479e62881c0c
- SHA512
  
  4486419c5b338a17e813acbca2a5300ce085e172a588ae93bec3927fada2ad0f763dff34a944370fc350ea48c6ed9752a2da553309fe5cefffb81811eed39f6b
- SSDEEP
  
  49152:wZz/tPlg5nvjlIQH6gVTBicEE0ZPnQvEtQo3A:wZTtPaR7d5IRQvQl
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy