General

  • Target: Saransk builder.rar
  • Size: 3.2MB
  • Sample: 240210-xb87bshb72
  • MD5: 647d26c35ba5632550d6f7f7981b25ad
  • SHA1: c414db069f94a31e7a282d29281f276c26b4fb6c
  • SHA256: 83226bd3592d2317a86ac4b722d640a1db44d1ddfdda174372e599a77c9cebb6
  • SHA512: 44c940d1820eaf65ec4be7c7a64bbd2ea5dda2a3a20ce453924374bec14e63bd3b7e701d6a87129e00286dace23004aa9dcc2c5330ac982f19035e9794fbb9aa
  • SSDEEP: 49152:nySJ4KB3s4zaJ1Ldl41LCzvmUnfXlzdLrdmBHXcyShg9aOii0CSDEvBCR61suPf:9yKhs4k41LYfX5JRiHsyraNoPHPf

Score
10/10

Malware Config

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks