umbral | 7f62f4def03ffd80426a25d462e04497eda6a8848529a1d8d51e7936ce6c1131 | Triage

Sharing

General

Target

Yeezus.rar
Size

10.2MB
Sample

240111-retcdshcdj
MD5

89244016652732d4e13623ccbcde05fe
SHA1

bec24f34223b41da38e6b5f1f9a57de6809c7bef
SHA256

7f62f4def03ffd80426a25d462e04497eda6a8848529a1d8d51e7936ce6c1131
SHA512

ce24a5c4734165758813c1ab07662745f8b00adc95aad755728d092099968343bb6dcf6137392732b52cc66bce004deda0a644fb361d1f606411d5d137699d1f
SSDEEP

196608:iVZ5QIEKtiNWVssmoZuSX/RZGmfe390Owlt51J7Vvfnx2Pwk7JGi83sYXjjW:guI1iNEhmLJGOkt57Vx2Pwk7wiFWa

Score

10^/10

umbral evasion stealer trojan

Malware Config

Targets

- Target
  
  Yeezus.rar
- Size
  
  10.2MB
- MD5
  
  89244016652732d4e13623ccbcde05fe
- SHA1
  
  bec24f34223b41da38e6b5f1f9a57de6809c7bef
- SHA256
  
  7f62f4def03ffd80426a25d462e04497eda6a8848529a1d8d51e7936ce6c1131
- SHA512
  
  ce24a5c4734165758813c1ab07662745f8b00adc95aad755728d092099968343bb6dcf6137392732b52cc66bce004deda0a644fb361d1f606411d5d137699d1f
- SSDEEP
  
  196608:iVZ5QIEKtiNWVssmoZuSX/RZGmfe390Owlt51J7Vvfnx2Pwk7JGi83sYXjjW:guI1iNEhmLJGOkt57Vx2Pwk7wiFWa
Score

10^/10

umbral evasion stealer trojan
- Detect Umbral payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  InjectionLibrary.dll
- Size
  
  78KB
- MD5
  
  64ef546a5a013f36524507e7dfc70d09
- SHA1
  
  d6d0aabdc88b7a875fd666a65194e250cd9ef3e5
- SHA256
  
  7919342e61f58303b1efe7bc3f2a612b717d64069c45eb53f0193218821d0016
- SHA512
  
  b409aaaf770bf0ca436e66279a324158845cba04ad892bbe98c0e32e96faacf83108d5e5b2b51efb59c8a3fccb4476303af47408f1a26bd79b18008ceaa7cc6b
- SSDEEP
  
  1536:E2t6wUtyYiZdqESehfyNHhwTZNzTedgzmZLtQ/5i:7t6LMXZdkaKNHhwTZRTej9Y4
Score

1^/10
behavioral3 behavioral4
- Target
  
  ReaLTaiizor.dll
- Size
  
  10.3MB
- MD5
  
  07dde1af7136548f4efa5ef4fdb74f85
- SHA1
  
  ae304bfb2356f15d7357d6468d85adf63c816414
- SHA256
  
  41e035e141999bf81756d05a33f92eb92f5d531b11f3bc8e6dad3c342af5cd11
- SHA512
  
  13ff0c2c4e43d4fa5a3916cf9fb48df69a667818ffe7ce3c556d9fc88828a71c57056c8a239e8e9a245fda78aa2f01e92113d2854f337c1d59c8319ecd14f714
- SSDEEP
  
  98304:5ylXq4sHDuwl1EWGsH1houBJx1G0vd9tWpmIgMlqVz+rQVe97lwu9cXvBxDh3DYa:ofduBJx1zK9TXSgiKv8X5
Score

1^/10
behavioral5 behavioral6
- Target
  
  Yeezus.exe
- Size
  
  8.3MB
- MD5
  
  fcb147a5c323be1cd6341d87ee9eae35
- SHA1
  
  9ae4d2552158126efe96e7d9b92e782354bafefc
- SHA256
  
  a32ad6995d0a15c0b85485b36a92385f866fd119eb5a2678403f8201bb89e18c
- SHA512
  
  677156c85daf561398eef97e1e920c66cccfd342988d318b292d03694eac0b1a594adfbb7c3b5ac940234d2c165504fe1ff8dcd168ab14c49c63a0dbdca940f8
- SSDEEP
  
  196608:e64kbezidoC+okKRXDFk81sgJ2nMwDeCfLjtDwh31rnA4a9Tl:lbJdx+eDFk81sg4nMYjjto3o/
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

umbralevasionstealertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8