General
-
Target
immortal.bin.exe
-
Size
1.1MB
-
Sample
240427-15m3qshf69
-
MD5
9e511d399fbc2bf0c2d45302dc62be61
-
SHA1
3100c1c0c5f98b1a7bccef0cdcfde6b34e38992b
-
SHA256
ce8f179e7e29d4f28f1c5039808e82c198264183166069d8ad567f63275c74a8
-
SHA512
7e4560bd6e76d181b47f44eca0a7195cb905e852ed2a94308cad57576a16c62335256978c73ddac275d736423c5c6a9a4eed648090847ee80e8183be77c04486
-
SSDEEP
24576:fO29aTBMPYvJnXAvKhO7CMbNdCrty7ARVJ3g6cbhbZxvI:G29adQt3CrtWQcb3xv
Static task
static1
Behavioral task
behavioral1
Sample
immortal.bin.exe
Resource
win7-20240215-en
Malware Config
Targets
-
-
Target
immortal.bin.exe
-
Size
1.1MB
-
MD5
9e511d399fbc2bf0c2d45302dc62be61
-
SHA1
3100c1c0c5f98b1a7bccef0cdcfde6b34e38992b
-
SHA256
ce8f179e7e29d4f28f1c5039808e82c198264183166069d8ad567f63275c74a8
-
SHA512
7e4560bd6e76d181b47f44eca0a7195cb905e852ed2a94308cad57576a16c62335256978c73ddac275d736423c5c6a9a4eed648090847ee80e8183be77c04486
-
SSDEEP
24576:fO29aTBMPYvJnXAvKhO7CMbNdCrty7ARVJ3g6cbhbZxvI:G29adQt3CrtWQcb3xv
-
Detect Umbral payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-