Overview

overview

10

Static

static

3

Neo_Perm.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    193s
  • max time network
    211s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-12-2023 01:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Neo_Perm.exe

  • Size

    1.2MB

  • MD5

    d4041cc3e5034ae1ef88af893b2f5b15

  • SHA1

    b4a5312e96d4618b067b2865ec75b88806162ccc

  • SHA256

    93223f738657509b016c39bb9d2c7728d698391afe35ce95fb775c32e2d11c3b

  • SHA512

    0b3eaa222ec8905bc3163eca5abef8ab1cd39d4c898f3e617dd1257c98f3c8fd533898cc5f91006416bd5a82c23db0ac3400a3f74beda34e2c54d9ba1b1605c7

  • SSDEEP

    24576:5GKxdvVStCsVR+bkSe/oREP64Ng0o48I0zEMM:wKxdvcQsVRm/+j6DRFREMM

Score
10/10
umbralstealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1190042379600797716/_o3srVE7TGd9h-tXYsjqIoul_MAhdkguDLRahVco32Q3wx_y9SxlyFBxvxjJsCXHT46C

Signatures

  • Detect Umbral payload 2 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Suspicious use of NtSetInformationThreadHideFromDebugger 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Neo_Perm.exe
    "C:\Users\Admin\AppData\Local\Temp\Neo_Perm.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:5752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5752-0-0x00000000002F0000-0x00000000006AC000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/5752-3-0x0000000073F30000-0x00000000746E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5752-2-0x00000000002F0000-0x00000000006AC000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/5752-5-0x00000000002F0000-0x00000000006AC000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/5752-8-0x0000000007320000-0x00000000073B2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/5752-9-0x0000000007970000-0x0000000007F16000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/5752-10-0x00000000002F0000-0x00000000006AC000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/5752-11-0x0000000007520000-0x0000000007530000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5752-14-0x0000000073F30000-0x00000000746E1000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/5752-16-0x0000000007520000-0x0000000007530000-memory.dmp

    Filesize

    64KB

    Download