General

  • Target

    Excess_nls.scr

  • Size

    247KB

  • MD5

    7435510d618cc836b23a1bb1791b67b2

  • SHA1

    1428f359a72436dc70e288963d6fb04387e94bd4

  • SHA256

    28b8e4f41d9f11d19a188dc903d3a8d37a643d5e3d61b260ddc01a4fd475b91d

  • SHA512

    5ccc5f49c7752d5367b4e7e4a858ac462e06a7eed7231b8dd96c8c441290e99e71fda3eaffec808656e7a3030c9cf476fc144a102a4ef373d7f184d40fdcfd7b

  • SSDEEP

    6144:bloZM+rIkd8g+EtXHkv/iD46UsziAfboMxUyzzqG2b8e1mWuFeiQfWsy:5oZtL+EP86UsziAfboMxUyzzq9futQf

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1238178545021223043/3ZwoReIQJSAQr16Af1BPQ_NiaK5GtGr7sxQn3Lgc4WKZeQw7NFQBrtoUb7cgT9HvE0v4

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
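The two static checks that drive this report, the "Unsigned PE" signature and the extraction of the Discord webhook used as Umbral's C2, can be reproduced without the sandbox. The block below is an added example written for this page, not the sandbox's own rule code or anything from the sample: it parses the PE optional header directly (no pefile dependency), tests whether the security data directory (entry 4, the Authenticode location) points at a WIN_CERTIFICATE blob, scans both ASCII and UTF-16LE strings for Discord webhook URLs, and computes the MD5/SHA1/SHA256/SHA512 listed under General. The PE image it runs on is constructed inline with `build_sample_pe32` (a hypothetical helper, not a real binary); the only value taken from the report is the webhook URL itself.

```python
import hashlib
import re
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory index of the Authenticode table

# Discord webhook URL shape used by Umbral for exfiltration; matched on decoded text.
WEBHOOK_RE = re.compile(
    r"https?://(?:[a-z]+\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+"
)


def file_hashes(data: bytes) -> dict:
    """Digests of the whole file, as listed in the report's General section."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def has_authenticode(data: bytes) -> bool:
    """True if the PE carries a non-empty, well-formed security (Authenticode) directory.

    Unlike every other data directory, the security entry holds a raw file offset,
    not an RVA: the WIN_CERTIFICATE blob sits outside any section, at end of file.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                       # skip the 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                            # PE32: 32-bit sized fields
        num_dirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                          # PE32+: ImageBase/stack/heap are 64-bit
        num_dirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    num_dirs = struct.unpack_from("<I", data, num_dirs_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    off, size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    if off == 0 or size < 8 or off + size > len(data):
        return False                              # absent or truncated: treat as unsigned
    _length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return revision == 0x0200 and cert_type == 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA


def find_webhooks(data: bytes) -> list:
    """Webhook URLs from ASCII text and from UTF-16LE at both byte alignments
    (.NET assemblies such as Umbral keep string literals as UTF-16)."""
    texts = [data.decode("latin-1")]
    for start in (0, 1):
        chunk = data[start:]
        chunk = chunk[: len(chunk) // 2 * 2]
        texts.append(chunk.decode("utf-16-le", errors="replace"))
    hits = set()
    for text in texts:
        hits.update(WEBHOOK_RE.findall(text))
    return sorted(hits)


def triage(data: bytes) -> dict:
    """Static summary mirroring the report: hashes, Unsigned PE verdict, C2 webhooks."""
    report = file_hashes(data)
    report["unsigned_pe"] = not has_authenticode(data)
    report["discord_webhooks"] = find_webhooks(data)
    return report


def build_sample_pe32(signed: bool, payload: bytes) -> bytes:
    """Constructed, non-runnable PE32 image (no sections) used only to exercise the checks."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, 0 sections, SizeOfOptionalHeader=224, Characteristics=EXECUTABLE|32BIT
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    std = struct.pack("<HBBIIIIII", 0x10B, 0, 0, 0, 0, 0, 0, 0, 0)
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                      0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0,
                      0x2000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    header_len = len(dos) + 4 + len(coff) + len(std) + len(win) + 16 * 8
    dirs = [(0, 0)] * 16
    cert = b""
    if signed:
        cert_body = b"\x30\x82" + b"\0" * 14      # placeholder bytes, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 8 + len(cert_body), 0x0200, 0x0002) + cert_body
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (header_len + len(payload), len(cert))
    dd = b"".join(struct.pack("<II", o, s) for o, s in dirs)
    return dos + b"PE\0\0" + coff + std + win + dd + payload + cert


# Constructed sample: the report's C2 URL stored UTF-16LE at an odd offset, as a .NET
# string literal would land after the preceding bytes.
SAMPLE_WEBHOOK = ("https://discord.com/api/webhooks/1238178545021223043/"
                  "3ZwoReIQJSAQr16Af1BPQ_NiaK5GtGr7sxQn3Lgc4WKZeQw7NFQBrtoUb7cgT9HvE0v4")
SAMPLE = build_sample_pe32(False, b"junk\0" + SAMPLE_WEBHOOK.encode("utf-16-le") + b"\0\0")

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A present security directory only means a signature blob is attached; it says nothing about whether the signature verifies or chains to a trusted root. For that, run the file through `osslsigncode verify` or PowerShell's `Get-AuthenticodeSignature`. The webhook scan is deliberately alignment-agnostic because string extraction that only looks at ASCII misses the UTF-16 literals in .NET stealers, which is exactly where this family keeps its C2.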

Files

  • Excess_nls.scr
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
