General
Target: KrampusV2 Executor.exe
Size: 229KB
MD5: 9808f2cc77e52684c6e9802e47fb3a90
SHA1: 50fd4a1b62e44385e8a30c9643ef8da3c3c61ae1
SHA256: a52c14b7aea9fc6674c5ed06f1d9269d3af738729ebfd9c9d181699078f3fd32
SHA512: e3cbc3cce1fae618df2c4c53b2889fe4f97b262377ca54756d9863afbfa016480312cbba3880c97873eb776c06cca697b2e9f863fd796f6412fb94270c776e9f
SSDEEP: 6144:FloZMLrIkd8g+EtXHkv/iD4V1V4bhS6FMAxDeebgqb8e1mxi:HoZ0L+EP8V1V4bhS6FMAxDeebvj
Malware Config
Extracted
Family: umbral
Discord webhook: https://discord.com/api/webhooks/1218266364293419160/CWfo-_cZbHNkyrdhqOhV3v_kjBHZDY0BcuA-oj4kRg5_nuN6CDOsapimmDNTiMTkVumg
Signatures
Detect Umbral payload (1 IoC)
  Resource: yara_rule sample family_umbral
  Description: Umbral family
Unsigned PE (1 IoC)
  Description: Checks for missing Authenticode signature.
  Resource: KrampusV2 Executor.exe
Files
KrampusV2 Executor.exe.exe
  Tags: windows:4 windows x86 arch:x86
  Password: yes
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
  DLL Characteristics:
    IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
    IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    IMAGE_DLLCHARACTERISTICS_NO_SEH
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics:
    IMAGE_FILE_EXECUTABLE_IMAGE
    IMAGE_FILE_LARGE_ADDRESS_AWARE
    IMAGE_FILE_32BIT_MACHINE
Imports
  mscoree: _CorExeMain
Sections
  .text (Size: 227KB, Virtual size: 226KB)
    IMAGE_SCN_CNT_CODE
    IMAGE_SCN_MEM_EXECUTE
    IMAGE_SCN_MEM_READ
  .rsrc (Size: 1KB, Virtual size: 1KB)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_READ
  .reloc (Size: 512B, Virtual size: 12B)
    IMAGE_SCN_CNT_INITIALIZED_DATA
    IMAGE_SCN_MEM_DISCARDABLE
    IMAGE_SCN_MEM_READ