umbral | cfb4919168697ab5bfaa045cbf2c647aa55c1ffc8f5109acf90f2e90af14f40a | Triage

Submit
Reports

Overview

overview

Static

static

Promo link...or.exe

windows11-21h2-x64

Resubmissions

01-02-2024 15:13

240201-sl2ssaacgq 10

01-02-2024 15:00

240201-sdlrlaaagq 10

Sharing

General

Target

Promo link generator.exe
Size

228KB
Sample

240201-sdlrlaaagq
MD5

4e711e7231a67ebf4278a6ba9e2a1f98
SHA1

9bc200a14d089e0fe869674ee5f4219e86dc3009
SHA256

cfb4919168697ab5bfaa045cbf2c647aa55c1ffc8f5109acf90f2e90af14f40a
SHA512

38ac5f01c19304431f1b862172fd0ed7b67fd8926c94e289a7a9b06a6772b02c7708f9ebeb3263269721d379dede458bd29d16fd6eb81eb500d85b202707ec0f
SSDEEP

6144:BloZMUrIkd8g+EtXHkv/iD409mMN5nsAv9R0STTKg/Yb8e1mIi:zoZrL+EP8gmMN5nsAv9R0STTKBm

Score

10^/10

umbral spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Promo link generator.exe

Resource

win11-20231215-en

umbral spyware stealer

windows11-21h2-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1196551286892535848/BI-4wJMe0VqcV998bhbMUu_wWa9MHqKDsvG2bhmZuynbA6FvVmQpf3BApw4_YqBZ6TZ5

Targets

- Target
  
  Promo link generator.exe
- Size
  
  228KB
- MD5
  
  4e711e7231a67ebf4278a6ba9e2a1f98
- SHA1
  
  9bc200a14d089e0fe869674ee5f4219e86dc3009
- SHA256
  
  cfb4919168697ab5bfaa045cbf2c647aa55c1ffc8f5109acf90f2e90af14f40a
- SHA512
  
  38ac5f01c19304431f1b862172fd0ed7b67fd8926c94e289a7a9b06a6772b02c7708f9ebeb3263269721d379dede458bd29d16fd6eb81eb500d85b202707ec0f
- SSDEEP
  
  6144:BloZMUrIkd8g+EtXHkv/iD409mMN5nsAv9R0STTKg/Yb8e1mIi:zoZrL+EP8gmMN5nsAv9R0STTKBm
Score

10^/10

umbral spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Drops file in Drivers directory
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralspywarestealer

© 2018-2025

Terms | Privacy