Overview

overview

10

Static

static

10

bulder.exe

windows7-x64

10

bulder.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    35s
  • max time network
    40s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-03-2024 19:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bulder.exe

  • Size

    228KB

  • MD5

    d8de90f21ece872c78887d8532bc4724

  • SHA1

    8abf63837160fe18efb7629ed630402cf9bcb361

  • SHA256

    11e06b3c4301175f96442f0295d9dfade52bf2e9712d2a84da3c54d4d4dd47b9

  • SHA512

    1c02c2560f8a198b0cea474a0b90ef9b5050a3ccbb242ed1600ddf149bb4166a85d69a66622b07884f4ad59e3da447b74e1682f9376ea8d1a54ae48c2776bc49

  • SSDEEP

    6144:xloZM+rIkd8g+EtXHkv/iD4F9KUw2xpaAPyAxVkjab8e1mci:DoZtL+EP8F9KUw2xpaAPyAxVkyG

Score
10/10
umbralstealer

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bulder.exe
    "C:\Users\Admin\AppData\Local\Temp\bulder.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/372-0-0x000001CB5C9E0000-0x000001CB5CA20000-memory.dmp

    Filesize

    256KB

    Download

  • memory/372-1-0x00007FFFD5B10000-0x00007FFFD65D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/372-2-0x000001CB5CE10000-0x000001CB5CE20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/372-3-0x00007FFFD5B10000-0x00007FFFD65D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/372-4-0x000001CB5CE10000-0x000001CB5CE20000-memory.dmp

    Filesize

    64KB

    Download