umbral | Havoc-Executor[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Havoc-Executor.rar
Size

16.8MB
MD5

f92596f16b2227ca7b19b8fcfc146763
SHA1

673eb42df68aec2de4558120785d4b45a7fcbe0f
SHA256

16ab548b51418dc856d375ca306d50fe04ba25df2fb01fdf31057f6fd72f5348
SHA512

668b9ddbdddccf6876ceb6e4294e0b360534ec5bee12881020e9842ee6e19d1f5554c4ca72a0a2335a71c9ab403891c5076c3f9a8ca5140d699eef5a530bee8e
SSDEEP

393216:msqRW0KzrmKC0eNSo38nS1AcYcr2B5u0hKjAXyjbBsK33w4SXjMj:msqLKOKC0eN5sS1Ac1iojAXZFjMj

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1202713966892154880/hKt1959RM0bV5-3CpJAwh821Kr6T7h9g1Q2lLB0g86ovim2izdHbNw9y6LtQFK8C5Zhm

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
static1/unpack001/Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Executor/HavocV2.exe	family_umbral

Umbral family
umbral

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Executor/HavocV2.exe

Files

Havoc-Executor.rar
.rar

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/button-background.jpg
.jpg

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/injection.mp3
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/launch-photo.png
.png

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/launchvideo1.mp4
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/launchvideo2.mp4
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/launchvideo3.mp4
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/no-premium.jpg
.jpg

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/settings.248x256.png
.png

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/vertical-ellipsis.75x256.png
.png

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Assets/wrench.256x256.png
.png

Password: havoc
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Havoc-Executor/HavocV2.exe
.exe windows:4 windows x86 arch:x86

Password: havoc

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Havoc-Executor-V2/Havoc-Executor/Havoc-Executor/Havoc-Executor/Read Before Use.txt

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: havoc

Password: havoc

Password: havoc

Password: havoc

Password: havoc

Password: havoc

Password: havoc

Password: havoc

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 227KB - Virtual size: 227KB

.rsrc Size: 166KB - Virtual size: 166KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 227KB - Virtual size: 227KB

.rsrc
Size: 166KB - Virtual size: 166KB

.reloc
Size: 512B - Virtual size: 12B