General

  • Target

    pluh.rar

  • Size

    80KB

  • MD5

    73ded24f416e6e70f3440b069ba0b250

  • SHA1

    afb8f7b18f01f7939f2c0a569ebfbc2a384aec4c

  • SHA256

    fb62df7d72d084f755b3eb181c44287fedc95b0e01fd1033e4c60add76432ff7

  • SHA512

    44944136afbf8d4473aa90db8254ff7f4f70ae2f8b5fac87ad538a26d533bfcb6eb5d0ebbcfa6453c01b13e8459a485c26e8cf1a71b24632f54268972c354c18

  • SSDEEP

    1536:HBrFLRy5CWhgOqbBAJBwWU533e0gUHZ82IvEB8M6J2mBTajHBfrSJb:hrFLQw514jU5nJgUDuqnO

Score

10/10

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1118394761666109480/thDS3oSfSmHsoCQyjlB8zJN33LvfFYhiuSCKRCOwKm_YjjVfoa3nZJjZm8giA5yj1M22

Signatures

  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Unsigned PE (1 IoC)

    Checks for a missing Authenticode signature.

Files

  • pluh.rar
    .rar

    Password: uhuh

  • pluh/external roblox launcher.exe
    .exe windows:4 windows x86 arch:x86

    Password: uhuh

    f34d5f2d4577ed6d9ceec516c1f5a744