umbral | guilded_ums[.]exe

General

Target

guilded_ums.exe
Size

227KB
MD5

adbb1ff2093cd75f5d386ed3071f732a
SHA1

cbec205579e47cfab72873a13f3021b56c111b68
SHA256

d646794ea3c663854047a79206ef3dc27f16c01162248a95d8d52927c05f1889
SHA512

236f6fcda0a5808d63e34bb5c542196212d039bb739ed9c0902a0c899d01bfb47403561d6a9e69668e5e5055a42c46daf46910364d5a74be5c4cca2f84dd24ec
SSDEEP

6144:dloZMxNXg+dOntLnEPfdMXGkVW2U7X8gtoGnnG+Tb8e1mai:/oZxEOn0mGkVW2U7X8gtoGnnGEw

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

C2

https://media.guilded.gg/webhooks/2c5f9f77-f4ec-4ea9-9466-46f0364247ee/WWKNk9fLosqO8Wcc6OQEm2IOqQ2O8sCA0mc4UO44kMC0sMw6omO6GI8uaYAimwqM0yOccwkUIOoCIKwsAW6sgW

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
sample	family_umbral

Umbral family
umbral

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
guilded_ums.exe

Files

guilded_ums.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 225KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 225KB - Virtual size: 224KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 225KB - Virtual size: 224KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B