Behavioral task
behavioral1
Sample
l0xmdpqk.ylw.bin.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
l0xmdpqk.ylw.bin.exe
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
l0xmdpqk.ylw.bin.exe
Resource
win10v2004-20240226-en
General
-
Target
l0xmdpqk.ylw.bin.exe
-
Size
227KB
-
MD5
7f32dcbb00de079c31ff7895ae9c0560
-
SHA1
e80841a355b8dce9955b9bbba63f02a4ad31a836
-
SHA256
5658f42d6332d99827d772a710d74e905f822d23e958c86f802973c2cffe850f
-
SHA512
776cabc7d2442d90655eec0f434c811146b7f569dbace3c8609a582c167af5990ec25d1d7a8eb111744cecbdcd43d37af7d623eb97eb414ad926371083f7aadc
-
SSDEEP
6144:bloZM+9EB1/SqctonEPfCqAu0+prdmK13Up7a6rhgj8e1m5l:5oZQdSqcwvu0+prdmK13Up7a6rhQM
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1230863499496783923/A02kDLEw6wbN8ixBXQtfYqly_yrSOMARWe64V1_a5LlUVAnlyyQj7Axye820VBzQV8HJ
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource l0xmdpqk.ylw.bin.exe
Files
-
l0xmdpqk.ylw.bin.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 224KB - Virtual size: 224KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ