General

  • Target

    Umbral stealer.zip

  • Size

    397KB

  • Sample

    231224-gmg9zsghgq

  • MD5

    f39100690e645e3a29ce3bb38af5e9ff

  • SHA1

    2635bdde6013205c2fe74598f6cc8209b5e4b5f5

  • SHA256

    88daee0b588fe22ce94571deec316131865b2f709f3dced53be8f2b43a8ab4be

  • SHA512

    a6272b32848d4f7f9eb72444938caf6a7f892d80fdd0b7a1035aa2651222ab7f5f6b22ee3da0f1c94d71e372e00e75805a2a4dd6224c8f3dea5135b9f076a72b

  • SSDEEP

    12288:x568ELMlRgytbBQaUM7Z50F3fhskL2Ia+g0szUrmPStvshv:x5VwMHgytFDYdhskBBg0drmPK2

Score
10/10

Targets

    • Target

      Umbral stealer/Mono.Cecil.Mdb.dll

    • Size

      42KB

    • MD5

      1c6aca0f1b1fa1661fc1e43c79334f7c

    • SHA1

      ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d

    • SHA256

      411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b

    • SHA512

      1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76

    • SSDEEP

      768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS

    Score
    1/10
    • Target

      Umbral stealer/Mono.Cecil.Pdb.dll

    • Size

      87KB

    • MD5

      6d5eb860c2be5dbeb470e7d3f3e7dda4

    • SHA1

      80c76660b87c52127b1a7da48e27700f75362041

    • SHA256

      447ede1984bb4acd73bd97c0ec57a11c079cee8301c91fb199ca98c1906d3cc4

    • SHA512

      64cf4fe7de68a35720d2b9338ba9cf182e127d95d72d2ccf7ff5c73a368133663e70c988a460825fa87b2d03717a4447948d5262f56aceb7c3bf1cb3ab5a41a5

    • SSDEEP

      1536:2OCAsdBo+am5OMwr5IlALYKXgAJGsZhTjrjvjCXeO:ZCjta0OMuIlArVJGqT/jveXeO

    Score
    1/10
    • Target

      Umbral stealer/Mono.Cecil.Rocks.dll

    • Size

      27KB

    • MD5

      6e7f0f4fff6c49e3f66127c23b7f1a53

    • SHA1

      14a529f8c7ee9f002d1e93dcf8ff158ab74c7e1a

    • SHA256

      2e2623319bdc362974a78ea4a43f4893011ec257884d24267f4594142fcd436e

    • SHA512

      0c773da6717dd6919cd6241d3cee26ab00bb61ea2dbeff24844a067af4c87ff5cbdb2fe3ada5db4707cee921b3fb353bd12ee22b8490597d4f67ad39bace235e

    • SSDEEP

      384:70ve8JOuJ5iC7n2NwxEXCni+VXcMeDz8PmR1ugLoaeuLMBG9UphJAprjE3uFLHa9:7+m4iCyrXOhG8uRssveum1pMFLHFBvd

    Score
    1/10
    • Target

      Umbral stealer/Mono.Cecil.dll

    • Size

      350KB

    • MD5

      de69bb29d6a9dfb615a90df3580d63b1

    • SHA1

      74446b4dcc146ce61e5216bf7efac186adf7849b

    • SHA256

      f66f97866433e688acc3e4cd1e6ef14505f81df6b26dd6215e376767f6f954bc

    • SHA512

      6e96a510966a4acbca900773d4409720b0771fede37f24431bf0d8b9c611eaa152ba05ee588bb17f796d7b8caaccc10534e7cc1c907c28ddfa54ac4ce3952015

    • SSDEEP

      6144:jIevdbLPNYe8bikm98KXPHhOWY/fFREomhUFD3z:se1PNL+QRfBg/f/EWFD

    Score
    1/10
    • Target

      Umbral stealer/Umbral Builder.exe

    • Size

      79KB

    • MD5

      51f40552227be9675b45cca9bcc702d8

    • SHA1

      62e90a1b8d8edabba6903f7901c9cb53840e9d0a

    • SHA256

      c079f0929aed9b50e2910e83250de503415018c4ba2b1e28146168c2c646f1e5

    • SHA512

      d545aa0e48bb8e031770e10636ec92769f522f8ebadc527ded5555d5a8c7edbc719c613930f5492594698a6cbb7c1e700a0970c8ae4e9026921e55e6a78168a3

    • SSDEEP

      1536:x5TnHqaTdYC0NE6BxI2HUxWuFXhIuxcuC1WPqsVtBn:3TnHqaTdYC0NE6BxI2HUxWuFXhIumu6o

    Score
    1/10
    • Target

      Umbral stealer/Umbral.payload

    • Size

      214KB

    • MD5

      1affa0a88288206933690e598fa3d0e7

    • SHA1

      0c843c02bd32efb80a4b38c1a9bbe245524e768d

    • SHA256

      7e326dace3dbc954c2aef9395293ffb90f41ced37c1bb5bb456cab59fcd762c9

    • SHA512

      5486c4e46d7f134cf4ce671cd758d2f21bf92ade6fe0f1cfe17dbd9823cc979b3bbf788ecb4075e6f86a66046ca43d1e64282abbe32ae2d1490d60a047cb27f1

    • SSDEEP

      3072:u3QWTYoU70RiusQXlk+ThpaBtvpe3ZsGYOk6/l88e9JlbdTJG1oAjE:STgAgusLfp6ZsGdju8e9JlzG1Z

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Target

      Umbral stealer/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      944ce5123c94c66a50376e7b37e3a6a6

    • SHA1

      a1936ac79c987a5ba47ca3d023f740401f73529b

    • SHA256

      7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

    • SHA512

      4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

    • SSDEEP

      1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3

    Score
    1/10
    • Target

      Umbral stealer/jose-jwt.dll

    • Size

      81KB

    • MD5

      3932710fd1cfc829efaee90f08e74208

    • SHA1

      105d65bfbc12e8e9c27d6dde9484bc85e7a7f77e

    • SHA256

      a02b713b6a99cb0b3f85e9f389275bf904eee8be848b2a8c41507c64b264133a

    • SHA512

      0ecb5a5b1ab5308f6c48428e244639f8d5f9a4514f9822a92f29798b1b3e7a0d60922c93543e637abd22613643feeb18cc17cdc9e906a06bc649971e678c0715

    • SSDEEP

      1536:OglH/sWHgmHzzCr51o+ZpKEusq5RIH+qh7D259P5h3+F1AAy/Dc:OgyN1nK86Q7D2jPn3+F1AAyg

    Score
    1/10
