General

  • Target

    3e9e513d3a5d3358b7a19dbc60b1bb15974f2e83436d9fc54e605b7dfc95836b

  • Size

    229KB

  • MD5

    aaa6c20771fef47391be5c85469eb409

  • SHA1

    f0d9249589fc1ae5b80a34dd11a6459ec8b90b14

  • SHA256

    3e9e513d3a5d3358b7a19dbc60b1bb15974f2e83436d9fc54e605b7dfc95836b

  • SHA512

    3689a4a865cdc054706088a0bd77c92990d218e15de5b9fb34d4abda0f05e6a22192e88d1f2d4dc5b191d7e2d4a92f369177e9e1e61c49f43a4401a97ad0f962

  • SSDEEP

    6144:tloZM+rIkd8g+EtXHkv/iD4RRc8EKtFuZr20VJgr9b8e1mTi:voZtL+EP8RRc8EKtFuZr20VJgZ5

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1232219891281690684/TZU3-H9dv3VPWYr_nty7uTEDslIUPYCrA1Wi1UNIYijt5eZMmZyv6rDxU1kka4Wbw5sD
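The C2 above is not a server the attacker runs but a Discord webhook: the numeric segment is the webhook ID (a Discord snowflake) and the trailing segment is the secret token that lets anyone who holds it post to the channel. Two things follow from that for a responder. Because the URL belongs to a legitimate domain, the useful IOC is the full webhook path, not the host. And because the top 42 bits of a snowflake encode milliseconds since the Discord epoch (2015-01-01T00:00:00Z), the webhook ID alone tells you when the attacker created it. The script below is an added example written for this page, not tooling from the sandbox or from the malware; it pulls Discord webhook URLs out of a byte buffer (including UTF-16LE .NET strings at either byte alignment, which is how a .NET stealer like Umbral stores its config), splits out the ID and token, and decodes the creation time. The `SAMPLE` buffer is constructed here from the report's C2 string and is not bytes from the real file; `extract_webhooks` and `snowflake_created` are names chosen for this example.

```python
import re
from datetime import datetime, timezone

# Discord epoch (2015-01-01T00:00:00Z) in milliseconds. The top 42 bits of a
# snowflake ID are milliseconds since this epoch, so (id >> 22) + epoch is
# the creation time of the webhook.
DISCORD_EPOCH_MS = 1420070400000

# Current and legacy webhook hosts. Group 1 is the numeric snowflake ID,
# group 2 the secret token that authorises posts to the webhook.
WEBHOOK_RE = re.compile(
    rb"https?://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/"
    rb"(\d{17,20})/([A-Za-z0-9_\-]{50,80})"
)


def snowflake_created(snowflake: int) -> datetime:
    """Return the UTC creation time encoded in a Discord snowflake."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc)


def _ascii_views(data: bytes):
    """Yield the raw buffer, then UTF-16LE decodings at both byte alignments.

    .NET string literals are UTF-16LE and need not start on an even offset,
    so a decode at offset 1 catches strings the offset-0 decode mangles.
    Non-ASCII code points are dropped so the byte regex can run unchanged.
    """
    yield data
    for off in (0, 1):
        text = data[off:].decode("utf-16-le", errors="ignore")
        yield text.encode("ascii", errors="ignore")


def extract_webhooks(data: bytes) -> list[dict]:
    """Find Discord webhook C2 URLs in a buffer and decode ID, token, creation time."""
    found = {}
    for view in _ascii_views(data):
        for m in WEBHOOK_RE.finditer(view):
            url = m.group(0).decode()
            if url in found:           # same URL seen in another view
                continue
            webhook_id = int(m.group(1))
            found[url] = {
                "url": url,
                "webhook_id": webhook_id,
                "token": m.group(2).decode(),
                "created_utc": snowflake_created(webhook_id).strftime("%Y-%m-%d %H:%M:%S"),
            }
    return list(found.values())


# Constructed test input (not bytes from the real sample): the report's C2 URL
# stored as a UTF-16LE string at an odd byte offset, between unrelated bytes,
# the way a .NET string literal sits inside a stealer binary.
C2_URL = (
    "https://discord.com/api/webhooks/1232219891281690684/"
    "TZU3-H9dv3VPWYr_nty7uTEDslIUPYCrA1Wi1UNIYijt5eZMmZyv6rDxU1kka4Wbw5sD"
)
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 5          # 11 bytes: forces odd alignment
    + C2_URL.encode("utf-16-le")
    + b"\x00\x00\xff\xfe\x12\x34"
)

if __name__ == "__main__":
    for hook in extract_webhooks(SAMPLE):
        print(f"webhook {hook['webhook_id']} created {hook['created_utc']} UTC")
        print(f"  token: {hook['token']}")
```

For the ID in this report the decoded creation time falls on 2024-04-23, which is worth recording alongside the first-seen date of the sample. A GET to the full webhook URL (Discord's documented "get webhook with token" call) returns the webhook's name, channel and guild IDs without posting anything, which is enough to file an abuse report with Discord; block the exact path in your proxy rather than the whole domain.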

Signatures

  • Detect Umbral payload 1 IoCs
  • Detects executables attempting to enumerate video devices using WMI 1 IoCs
  • Detects executables containing possible sandbox analysis VM names 1 IoCs
  • Detects executables containing possible sandbox analysis VM usernames 1 IoCs
  • Detects executables containing possible sandbox system UUIDs 1 IoCs
  • Umbral family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3e9e513d3a5d3358b7a19dbc60b1bb15974f2e83436d9fc54e605b7dfc95836b
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
