General

  • Target

    12eab714a3f392af46c79bb9eb28155b97d6456350f40f8b85b630de71c5c57c

  • Size

    228KB

  • Sample

    240319-wd84nsab65

  • MD5

    cd60f2c4d6616cf3e5785c07526be795

  • SHA1

    cc463a67d382c6bc11a05d1bfe41031b64d2c39c

  • SHA256

    12eab714a3f392af46c79bb9eb28155b97d6456350f40f8b85b630de71c5c57c

  • SHA512

    d255801159dfaf6c3f1d2cc19c9fab3421e04fff84aa2078043745d69a026cebf0dc6e8080174182f555cfe34b755035c0d2adfeeb322e0ff708a4d577c21536

  • SSDEEP

    6144:MloZMzrIkd8g+EtXHkv/iD4IB2kxfEY3Omfh8ItUlLb8e1muyi:KoZcL+EP8IB2kxfEY3Omfh8ItUlP

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1217801123927162921/dgMvVtiWuB8DS8tdYGE33IGFk9YmbGNpXPqXFPoCA8ikryGBR6W28cmbr1v_cxCZqdBI

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Detects executables attempting to enumerate video devices using WMI

    • Detects executables containing possible sandbox analysis VM names

    • Detects executables containing possible sandbox analysis VM usernames

    • Detects executables containing possible sandbox system UUIDs

MITRE ATT&CK Matrix

Tasks