umbral | 83226bd3592d2317a86ac4b722d640a1db44d1ddfdda174372e599a77c9cebb6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Saransk builder.rar

windows7-x64

3

Saransk builder.rar

windows10-2004-x64

Sharing

General

Target

Saransk builder.rar
Size

3.2MB
Sample

240210-xb87bshb72
MD5

647d26c35ba5632550d6f7f7981b25ad
SHA1

c414db069f94a31e7a282d29281f276c26b4fb6c
SHA256

83226bd3592d2317a86ac4b722d640a1db44d1ddfdda174372e599a77c9cebb6
SHA512

44c940d1820eaf65ec4be7c7a64bbd2ea5dda2a3a20ce453924374bec14e63bd3b7e701d6a87129e00286dace23004aa9dcc2c5330ac982f19035e9794fbb9aa
SSDEEP

49152:nySJ4KB3s4zaJ1Ldl41LCzvmUnfXlzdLrdmBHXcyShg9aOii0CSDEvBCR61suPf:9yKhs4k41LYfX5JRiHsyraNoPHPf

Score

10^/10

umbral agilenet stealer

Static task

static1

Behavioral task

behavioral1

Sample

Saransk builder.rar

Resource

win7-20231129-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Saransk builder.rar

Resource

win10v2004-20231222-en

umbral agilenet stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  Saransk builder.rar
- Size
  
  3.2MB
- MD5
  
  647d26c35ba5632550d6f7f7981b25ad
- SHA1
  
  c414db069f94a31e7a282d29281f276c26b4fb6c
- SHA256
  
  83226bd3592d2317a86ac4b722d640a1db44d1ddfdda174372e599a77c9cebb6
- SHA512
  
  44c940d1820eaf65ec4be7c7a64bbd2ea5dda2a3a20ce453924374bec14e63bd3b7e701d6a87129e00286dace23004aa9dcc2c5330ac982f19035e9794fbb9aa
- SSDEEP
  
  49152:nySJ4KB3s4zaJ1Ldl41LCzvmUnfXlzdLrdmBHXcyShg9aOii0CSDEvBCR61suPf:9yKhs4k41LYfX5JRiHsyraNoPHPf
Score

10^/10

umbral agilenet stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

umbralagilenetstealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.