umbral | hxxps://mega[.]nz/file/tCVmhBgS#AHKluC1LX_nq0q4yTOoRgDw4Wuuwj38s6Z592mNfFA8 | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://mega.nz/file...

windows10-2004-x64

Sharing

General

Target

https://mega.nz/file/tCVmhBgS#AHKluC1LX_nq0q4yTOoRgDw4Wuuwj38s6Z592mNfFA8
Sample

240301-xv98qscb65

Score

10^/10

umbral xworm persistence rat stealer trojan

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://mega.nz/file/tCVmhBgS#AHKluC1LX_nq0q4yTOoRgDw4Wuuwj38s6Z592mNfFA8

Resource

win10v2004-20240226-en

umbral xworm persistence rat stealer trojan

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

Install_directory
%LocalAppData%
install_file
Cracked.exe

Targets

- Target
  
  https://mega.nz/file/tCVmhBgS#AHKluC1LX_nq0q4yTOoRgDw4Wuuwj38s6Z592mNfFA8
Score

10^/10

umbral xworm persistence rat stealer trojan
- Detect Umbral payload
- Detect Xworm Payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

umbralxwormpersistenceratstealertrojan

© 2018-2025

Terms | Privacy