umbral

General

Target

HAVOC.rar
Size

16.8MB
Sample

240222-rpm85abd26
MD5

83252ecd7c7fb9d73666babf11028e88
SHA1

eee5fb070e365b029d25df28f54573dd47e3f4b5
SHA256

6875f12af60ba6a8cdba7d0de127c23eae6c98f981abc66cf5c8b7fc74b83df9
SHA512

3d1ac511af08749508b8edbe5450cb4928d7bd5a86180b323746c4e902c6d2ab064de6020f1d693c7910edd55723cfe52c43275c9a9dfee868abe83fa81d9dc6
SSDEEP

393216:gT3eEuG8i1NQ8nJ8he2jBIkmM968MLs9BPEJvBwgeI5WbVXAXwY3h:59Fi1NlChbVCs9BPEJpT5OXAgY3h

Score

10^/10

umbral stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1210097168828862514/qiMfB8pbI0VGmLbCJI5y8HimVnNMcTPgOOb0GXnBUBDvOTpqayQ7-E9CYaH-x55WGvwc

Targets

- Target
  
  HAVOC.rar
- Size
  
  16.8MB
- MD5
  
  83252ecd7c7fb9d73666babf11028e88
- SHA1
  
  eee5fb070e365b029d25df28f54573dd47e3f4b5
- SHA256
  
  6875f12af60ba6a8cdba7d0de127c23eae6c98f981abc66cf5c8b7fc74b83df9
- SHA512
  
  3d1ac511af08749508b8edbe5450cb4928d7bd5a86180b323746c4e902c6d2ab064de6020f1d693c7910edd55723cfe52c43275c9a9dfee868abe83fa81d9dc6
- SSDEEP
  
  393216:gT3eEuG8i1NQ8nJ8he2jBIkmM968MLs9BPEJvBwgeI5WbVXAXwY3h:59Fi1NlChbVCs9BPEJpT5OXAgY3h
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Umbral payload

Checks computer location settings

Executes dropped EXE

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2