Behavioral task: behavioral1
Sample: pluh/external roblox launcher.exe
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: pluh/external roblox launcher.exe
Resource: win10v2004-20240412-en
General
- Target: pluh.rar
- Size: 80KB
- MD5: 73ded24f416e6e70f3440b069ba0b250
- SHA1: afb8f7b18f01f7939f2c0a569ebfbc2a384aec4c
- SHA256: fb62df7d72d084f755b3eb181c44287fedc95b0e01fd1033e4c60add76432ff7
- SHA512: 44944136afbf8d4473aa90db8254ff7f4f70ae2f8b5fac87ad538a26d533bfcb6eb5d0ebbcfa6453c01b13e8459a485c26e8cf1a71b24632f54268972c354c18
- SSDEEP: 1536:HBrFLRy5CWhgOqbBAJBwWU533e0gUHZ82IvEB8M6J2mBTajHBfrSJb:hrFLQw514jU5nJgUDuqnO
Malware Config
- Extracted family: umbral
- Extracted C2 (webhook URL):
https://discordapp.com/api/webhooks/1118394761666109480/thDS3oSfSmHsoCQyjlB8zJN33LvfFYhiuSCKRCOwKm_YjjVfoa3nZJjZm8giA5yj1M22
Signatures
- Detect Umbral payload (1 IoC)
  resource yara_rule static1/unpack001/pluh/external roblox launcher.exe family_umbral
- Umbral family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource unpack001/pluh/external roblox launcher.exe
Files
- pluh.rar.rar (Password: uhuh)
- pluh/external roblox launcher.exe.exe windows:4 windows x86 arch:x86 (Password: uhuh)
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_NO_SEH, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE, IMAGE_FILE_32BIT_MACHINE

Imports
- mscoree: _CorExeMain
Sections
- .text (Size: 227KB, Virtual size: 226KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
- .rsrc (Size: 1KB, Virtual size: 1KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc (Size: 512B, Virtual size: 12B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ