umbral

Resubmissions

27-04-2024 22:30

240427-2faxjsac8z 10

27-04-2024 22:14

240427-15m3qshf69 10

Sharing

Copy URL

Twitter E-mail

General

Target

immortal.bin.exe
Size

1.1MB
Sample

240427-2faxjsac8z
MD5

9e511d399fbc2bf0c2d45302dc62be61
SHA1

3100c1c0c5f98b1a7bccef0cdcfde6b34e38992b
SHA256

ce8f179e7e29d4f28f1c5039808e82c198264183166069d8ad567f63275c74a8
SHA512

7e4560bd6e76d181b47f44eca0a7195cb905e852ed2a94308cad57576a16c62335256978c73ddac275d736423c5c6a9a4eed648090847ee80e8183be77c04486
SSDEEP

24576:fO29aTBMPYvJnXAvKhO7CMbNdCrty7ARVJ3g6cbhbZxvI:G29adQt3CrtWQcb3xv

Score

10^/10

umbral stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1230863499496783923/A02kDLEw6wbN8ixBXQtfYqly_yrSOMARWe64V1_a5LlUVAnlyyQj7Axye820VBzQV8HJ

Targets

- Target
  
  immortal.bin.exe
- Size
  
  1.1MB
- MD5
  
  9e511d399fbc2bf0c2d45302dc62be61
- SHA1
  
  3100c1c0c5f98b1a7bccef0cdcfde6b34e38992b
- SHA256
  
  ce8f179e7e29d4f28f1c5039808e82c198264183166069d8ad567f63275c74a8
- SHA512
  
  7e4560bd6e76d181b47f44eca0a7195cb905e852ed2a94308cad57576a16c62335256978c73ddac275d736423c5c6a9a4eed648090847ee80e8183be77c04486
- SSDEEP
  
  24576:fO29aTBMPYvJnXAvKhO7CMbNdCrty7ARVJ3g6cbhbZxvI:G29adQt3CrtWQcb3xv
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect Umbral payload

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4