General

  • Target

    Umbral.Steal.zip

  • Size

    3.5MB

  • MD5

    6e28bd5c4e3f3f6b489837625e31354a

  • SHA1

    bf4da4ec8ec45f661b52923851470989fd5bcfc8

  • SHA256

    40c8bb264b2f753c6af1b6386a7e30e1e919df0109ea764e68563b241162420a

  • SHA512

    2ba1eea653f947079f8412a9d55d82c73dbcb37c70951786c080424acd9ea0936f3c1c43242bf92b1d228dad51706c1e6b915b094ebab20e90dcdd18f433c109

  • SSDEEP

    98304:+K3l+9x9v+OkLlxsfEddRVgRfzE525v+VjvfJtEQkb3x+/x0USitE:+l9xlZ+vkEdd2fQKmjJvCcSOE

Score
10/10

Malware Config

Signatures

  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Obfuscated with Agile.Net obfuscator (33 IoCs)

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

  • Unsigned PE (9 IoCs)

    Checks for missing Authenticode signature.

Files

  • Umbral.Steal.zip
    .zip
  • Umbral.Steal/Bunifu.Licensing.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Umbral.Steal/Bunifu.UI.WinForms.1.5.3.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuButton.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuCheckBox.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuCircleProgress.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuColorTransition.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuDataGridView.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuDatePicker.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuDropdown.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuFormDock.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuGauge.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuGradientPanel.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuGroupBox.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuImageButton.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuLabel.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuPages.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuPanel.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuPictureBox.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuProgressBar.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuRadioButton.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuRating.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuScrollBar.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuSeparator.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuShadowPanel.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuShapes.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuSlider.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuSnackbar.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuTextBox.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuToggleSwitch.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuToolTip.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuTransition.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.BunifuUserControl.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Bunifu.UI.WinForms.Deprecated.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa


    Code Sign


  • Umbral.Steal/Mono.Cecil.Mdb.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Umbral.Steal/Mono.Cecil.Mdb.pdb
  • Umbral.Steal/Mono.Cecil.Pdb.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Umbral.Steal/Mono.Cecil.Pdb.pdb
  • Umbral.Steal/Mono.Cecil.Rocks.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Umbral.Steal/Mono.Cecil.Rocks.pdb
  • Umbral.Steal/Mono.Cecil.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Umbral.Steal/Mono.Cecil.pdb
  • Umbral.Steal/Umbral.builder.exe
    .exe windows:5 windows x86 arch:x86

    fcf1390e9ce472c7270447fc5c61a0c1



  • Umbral.Steal/Umbral.builder.exe.config
    .xml
  • Umbral.Steal/Umbral.builder.pdb
  • Umbral.Steal/Umbral.payload
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • Umbral.Steal/Vestris.ResourceLib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • Umbral.Steal/Vestris.ResourceLib.xml
    .xml
  • Umbral.Steal/jose-jwt.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

