umbral | 8657233b83ae7fa42534243b618700431733bf4edc9d97864e250fa15d95592d

Sharing

Copy URL

Twitter E-mail

General

Target

8657233b83ae7fa42534243b618700431733bf4edc9d97864e250fa15d95592d
Size

229KB
MD5

24233839190b24bee9fb8442540bfbfd
SHA1

ca3a499080cbef642d1ad8e677a82111df491a96
SHA256

8657233b83ae7fa42534243b618700431733bf4edc9d97864e250fa15d95592d
SHA512

7895bc79817bbe298970535e41ce9db9b11bbfd1fcfd32dd0346e48d6596130375d894d76c70c2bd45c154de131e5de74e4d86400f90d9b7ac52ae8cce819190
SSDEEP

6144:2loZMD9EB1/SqctonEPfCqAOYiElX8k7J+btUgJB7j8e1m1DZ:AoZpdSqcwvOYiElX8k7J+btUgJB3w

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1194630702365429840/aYBh8s3kHmXGYN-FriKtEXI-QnFohAVTjeBMQZ0cR6pnGNsMR3D-7AkoFJPEFeTgmXEy

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
sample	family_umbral

Detects executables attemping to enumerate video devices using WMI 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice

Detects executables containing possible sandbox analysis VM names 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxComputerNames

Detects executables containing possible sandbox analysis VM usernames 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxUserNames

Detects executables containing possible sandbox system UUIDs 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SandboxSystemUUIDs

Umbral family
umbral

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8657233b83ae7fa42534243b618700431733bf4edc9d97864e250fa15d95592d

Files

8657233b83ae7fa42534243b618700431733bf4edc9d97864e250fa15d95592d
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 227KB - Virtual size: 226KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 227KB - Virtual size: 226KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B