umbral | l0xmdpqk[.]ylw[.]bin[.]exe | Triage

Resubmissions

27-04-2024 22:30

240427-2e6b3aac8y 10

27-04-2024 22:14

240427-15m3qsaa31 10

Sharing

General

Target

l0xmdpqk.ylw.bin.exe
Size

227KB
MD5

7f32dcbb00de079c31ff7895ae9c0560
SHA1

e80841a355b8dce9955b9bbba63f02a4ad31a836
SHA256

5658f42d6332d99827d772a710d74e905f822d23e958c86f802973c2cffe850f
SHA512

776cabc7d2442d90655eec0f434c811146b7f569dbace3c8609a582c167af5990ec25d1d7a8eb111744cecbdcd43d37af7d623eb97eb414ad926371083f7aadc
SSDEEP

6144:bloZM+9EB1/SqctonEPfCqAu0+prdmK13Up7a6rhgj8e1m5l:5oZQdSqcwvu0+prdmK13Up7a6rhQM

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1230863499496783923/A02kDLEw6wbN8ixBXQtfYqly_yrSOMARWe64V1_a5LlUVAnlyyQj7Axye820VBzQV8HJ

Signatures

Detect Umbral payload 1 IoCs

Processes:

resource yara_rule

sample family_umbral
Umbral family
umbral
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

l0xmdpqk.ylw.bin.exe

Files

l0xmdpqk.ylw.bin.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ