umbral | 3156fea939c2b71683a306896ad4185b9c3afb57930fb17d9207ff78161e7dfd | Triage

Submit
Reports

Overview

overview

Static

static

flameware ...of.exe

windows10-2004-x64

Sharing

General

Target

flameware free spoof.exe
Size

445KB
Sample

240317-ttb3rsac64
MD5

4bbcdd97740fb152109f809a6625e0bb
SHA1

69993fd2dc46acb60d4f95e553ab7bd66096305d
SHA256

3156fea939c2b71683a306896ad4185b9c3afb57930fb17d9207ff78161e7dfd
SHA512

5246b088157b6e3a1e61fb90c0cef054aafe11708ab12a9b35cf1ba5875080b2d037342637333eb57fc6cc41a918af1674bb91343c3c4a62ad2a4e03b0aa6417
SSDEEP

6144:eSncRlyToy9yZ/koAvzDIjjL+dLCULOoepRXgtlAiLcW7tBWJ+q:z48ToYyZMoAvzDIjjSdBLyVW7tQJ3

Score

10^/10

umbral stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

flameware free spoof.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  flameware free spoof.exe
- Size
  
  445KB
- MD5
  
  4bbcdd97740fb152109f809a6625e0bb
- SHA1
  
  69993fd2dc46acb60d4f95e553ab7bd66096305d
- SHA256
  
  3156fea939c2b71683a306896ad4185b9c3afb57930fb17d9207ff78161e7dfd
- SHA512
  
  5246b088157b6e3a1e61fb90c0cef054aafe11708ab12a9b35cf1ba5875080b2d037342637333eb57fc6cc41a918af1674bb91343c3c4a62ad2a4e03b0aa6417
- SSDEEP
  
  6144:eSncRlyToy9yZ/koAvzDIjjL+dLCULOoepRXgtlAiLcW7tBWJ+q:z48ToYyZMoAvzDIjjSdBLyVW7tQJ3
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy