umbral | 4c8616f89a7f53938f21cd3e1d737c0980b5ab0faab3e8e2c401e4b5ed28106b | Triage

Submit
Reports

Overview

overview

Static

static

3

ea6f9411b4...1a.exe

windows7-x64

ea6f9411b4...1a.exe

windows10-2004-x64

Sharing

General

Target

683c060ccca9ee3a5dad65946c8c9a88.bin
Size

766KB
Sample

231225-bwcg7sbde5
MD5

499869c7ab5ddcd90a5169544ac9c890
SHA1

fa781c20e94ce0cd9e320a62b667cc159bfce95b
SHA256

4c8616f89a7f53938f21cd3e1d737c0980b5ab0faab3e8e2c401e4b5ed28106b
SHA512

d9ea4eba39ac49551bdfe66aaeb0b77e40e5fadd6777eea0740c3954436010beb196353c2bbafe13fdddf319fd234104fccbfc644fcc3e9dbbd9002b09fa48ed
SSDEEP

12288:W77E9XPut/tHVcODKagRXUsMNOvZ2j2KfnL9APNi7NZ/Go6JgdkiaDfPmbAcB:hlP+/JVcc293Z2nAe4gd8HmbAcB

Score

10^/10

umbral spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ea6f9411b4568ed828772ce578f40ff5b38715d067bdd76616d945f14462351a.exe

Resource

win7-20231215-en

umbral spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ea6f9411b4568ed828772ce578f40ff5b38715d067bdd76616d945f14462351a.exe

Resource

win10v2004-20231215-en

umbral spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ea6f9411b4568ed828772ce578f40ff5b38715d067bdd76616d945f14462351a.exe
- Size
  
  1.7MB
- MD5
  
  683c060ccca9ee3a5dad65946c8c9a88
- SHA1
  
  35a18395cd290cf377fe665aebdfb26e59869a5c
- SHA256
  
  ea6f9411b4568ed828772ce578f40ff5b38715d067bdd76616d945f14462351a
- SHA512
  
  63ab8296b245430a3b13d7eea08d89845a32a8c14b7b88bc516a3b45192a2aa10abdd5e0d9483bc72c5f9b57b228ac498dd7166a54dcafefa630b364377063ef
- SSDEEP
  
  24576:XHfPkK8FXhOdkO/MHqP0OF8u/N6HH6rrcBpbYTa+cy:PPj8FXodouFDr3Txc
Score

10^/10

umbral spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralspywarestealer

behavioral2

umbralspywarestealer

© 2018-2025

Terms | Privacy