General

Target:  Umbral.exe
Size:    232KB
Sample:  240506-n6nz7seb98
MD5:     afbe250f9d941daf1fc895e29d0b2821
SHA1:    9aeaa55efa56702a0c2694ff2de3a5c6df7b03ac
SHA256:  628d7cd6016b226c4e5e5252b29dc89e42d30ffebfb489e36857079aad591ce6
SHA512:  177ddc51032af306d32c0826efddfa3be5e68621b440be764fba7ad37fd982fb58d7e902e4eb258fe50bbd236f82457e45e7d12a885c78314b304e72fb0f2c94
SSDEEP:  6144:tloZMDXU9Zx0kt8X0/PSCsMpwpf3tW+x5R0STTKN0b8e1mKISi:voZnf0kkPQwpf3tW+x5R0STTKm2
Behavioral tasks

Task         Sample      Resource (sandbox image)
behavioral1  Umbral.exe  win7-20240221-en
behavioral2  Umbral.exe  win10-20240404-en
behavioral3  Umbral.exe  win10v2004-20240419-en
Malware Config

Extracted family:      umbral
Discord webhook URL:   https://canary.discord.com/api/webhooks/1236998752988823573/NsiSmSiQW8IAMjpG8SIg_6Zkfz_FbtFHloBWpL6PbxmkMA2TAyh0tCrgXWEmC3ZyASfA
Targets

Target:  Umbral.exe (232KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)

Signatures

- Detect Umbral payload
- Command and Scripting Interpreter: PowerShell (MITRE ATT&CK T1059.001)
  Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths and processes so that the excluded items are no longer scanned.
- Drops file in Drivers directory
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to discover the infected system's external IP address.
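As an added example (not part of the sandbox report or of the Umbral sample itself), the following Python shows detection logic for two behaviours listed above: the PowerShell change to Windows Defender exclusions, and the Discord webhook URL from the extracted configuration. The report does not name the cmdlet, so the rules assume the standard Add-MpPreference / Set-MpPreference cmdlets and the three exclusion parameters the signature mentions; they also unwrap -EncodedCommand payloads, a wrapper the report does not mention but which is worth handling. The telemetry events at the bottom are constructed for illustration, not data from the sandbox run.

```python
"""Detection logic for two behaviours attributed to this Umbral sample: PowerShell
adding Windows Defender exclusions, and a Discord webhook as the outbound channel.
Added example, not code from the report or the sample; telemetry is constructed."""
import base64
import re
from dataclasses import dataclass

# Webhook URL as extracted in the Malware Config section of the report.
UMBRAL_WEBHOOK = (
    "https://canary.discord.com/api/webhooks/1236998752988823573/"
    "NsiSmSiQW8IAMjpG8SIg_6Zkfz_FbtFHloBWpL6PbxmkMA2TAyh0tCrgXWEmC3ZyASfA"
)

# Assumption: the report does not name the cmdlet, so key on the standard Defender
# cmdlets that change preferences and on the three exclusion parameters it lists.
_MP_CMDLET = re.compile(r"\b(?:Add|Set)-MpPreference\b", re.IGNORECASE)
_VALUE = r"""(?:'[^']*'|"[^"]*"|[^\s,]+)"""
_EXCLUSION_PARAM = re.compile(
    rf"-(ExclusionPath|ExclusionExtension|ExclusionProcess)(?:\s+|:\s*)({_VALUE}(?:\s*,\s*{_VALUE})*)",
    re.IGNORECASE,
)
# powershell -EncodedCommand (and its accepted prefixes) takes base64 of UTF-16LE script.
_ENCODED = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
# Discord webhook endpoints on the production, canary and ptb hosts and the legacy domain.
_WEBHOOK = re.compile(
    r"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)"
)


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def unwrap_encoded_command(cmdline: str) -> str:
    """Append the decoded -EncodedCommand payload so the rules see the real script."""
    m = _ENCODED.search(cmdline)
    if not m:
        return cmdline
    try:
        return cmdline + " " + base64.b64decode(m.group(1)).decode("utf-16-le")
    except ValueError:  # bad base64 or not UTF-16LE: fall back to the raw line
        return cmdline


def detect_defender_exclusions(cmdline: str) -> list[Finding]:
    text = unwrap_encoded_command(cmdline)
    if not _MP_CMDLET.search(text):
        return []
    findings = []
    for param, raw in _EXCLUSION_PARAM.findall(text):
        values = [v.strip("'\"") for v in re.split(r"\s*,\s*", raw)]
        findings.append(Finding("defender_exclusion_added", f"{param}={','.join(values)}"))
    # A Defender preference change with no exclusion parameter still deserves a look.
    return findings or [Finding("defender_preference_modified", text.strip())]


def detect_webhook_exfil(url: str, known: tuple[str, ...] = (UMBRAL_WEBHOOK,)) -> list[Finding]:
    m = _WEBHOOK.search(url)
    if not m:
        return []
    rule = "umbral_known_webhook" if m.group(0) in known else "discord_webhook_unknown"
    # Report the webhook id only; the token is the credential for the attacker's channel.
    return [Finding(rule, f"webhook_id={m.group(1)}")]


def scan(events: list[dict]) -> list[Finding]:
    findings: list[Finding] = []
    for ev in events:
        if ev["type"] == "process":
            findings.extend(detect_defender_exclusions(ev["cmdline"]))
        elif ev["type"] == "network":
            findings.extend(detect_webhook_exfil(ev["url"]))
    return findings


# Constructed telemetry, not from the sandbox run: two malicious PowerShell launches
# (one plain, one -enc wrapped), one benign Defender query, and three URL requests.
_ENC_SCRIPT = base64.b64encode(
    "Set-MpPreference -ExclusionProcess 'Umbral.exe'".encode("utf-16-le")
).decode()
SAMPLE_EVENTS = [
    {"type": "process", "cmdline": r'''powershell.exe -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Users\victim\AppData\Local\Temp' -ExclusionExtension exe,dll -ExclusionProcess Umbral.exe"'''},
    {"type": "process", "cmdline": f"powershell.exe -NoP -W Hidden -enc {_ENC_SCRIPT}"},
    {"type": "process", "cmdline": "powershell.exe -Command Get-MpPreference"},
    {"type": "network", "url": UMBRAL_WEBHOOK},
    {"type": "network", "url": "https://discord.com/api/webhooks/1111111111/abc_DEF-123"},
    {"type": "network", "url": "https://www.microsoft.com/"},
]


def run_sample() -> list[Finding]:
    return scan(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.rule:30} {f.detail}")
```

Matching the exact webhook URL catches only this build of the sample; the generic rule fires on any Discord webhook POST from a host that has no business using one, which is the check to keep once this indicator has aged out.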