Overview

overview

10

Static

static

3

aimsense.exe

windows7-x64

10

aimsense.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aimsense.rar

  • Size

    141KB

  • Sample

    240222-c5y81abc56

  • MD5

    8238432e429cd446950c73e4339146d5

  • SHA1

    312feb2e6f0c18b36e5b0191d4c38447c95ced90

  • SHA256

    ce8464cde5ece6664f1822aaf540e7cabb702b677b4435edd9ec8e8fa0bf949c

  • SHA512

    74794ec289740e985e041a252640c4cc9457f2cac34c6c522683fa46721983883ab940fc173caa3e14d5eb9393284ddaa8bac97cfc179af496684237fd19fce1

  • SSDEEP

    3072:7PZLijJYJ9VTBe3aXM2SRsJ1XK/LeK+VWJ7YQlVVID8NgcnWK:7PZLkJm9M6XTGL3zNLVCcnWK

Score
10/10
umbralstealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1209997264991555594/9lDazTklKzZKzTTEKzGTtk4UXPjIs2Q2Z2D-ej4Esant-MGCP07bpGNI4w65xZpkCXsD

Targets

    • Target

      aimsense.exe

    • Size

      148KB

    • MD5

      db11d5b13124f9dab72425ce56662a4f

    • SHA1

      09b901184f4865437769f0999bd6d9589008c25d

    • SHA256

      df43da5e9f003414fb7087d002291d62e509d1f977e1304d647abf8ec241a68f

    • SHA512

      71597bd4ae24b1b74904f7a09c0fdac8d082a86e1d0d794f419057bdccf7f3c5dc07f60cc3499aa00cf2b96e181b7f35b33dbf5fa55a755d7e6fc4c766a708f4

    • SSDEEP

      3072:3w10kz9kMiNZKVHd64TGyTOdp6KZt+2T4m6DkBcsfdmC:32T9kMiNZ6HgdyTODZ4p0cWd

    Score
    10/10
    umbralstealer

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

      stealerumbral

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks