General

  • Target: asdaw.zip
  • Size: 1.2MB
  • MD5: 6da8ae1fced623eb19b87d433b42e3f2
  • SHA1: c24d259ab8d918b9684073f7e9b6ff08fa411146
  • SHA256: ea24a1aae83844683cbff898b52368d08ea8727855ea1478570745727cdac30a
  • SHA512: e5025c4080e8caa726b80331b471ca80dc2da2959871752df239e67060dcc7a3f47c4a0e5a8a2717860decd432e833282722f17e77ef0583a8246bcbc7b4aea5
  • SSDEEP: 12288:zp+h1POjmw5rA9ttGWsHOC4aUODwk5bbcSvH8fZ48rvj6:zp+h1WYfZBj6

Score: 10/10

Malware Config

Extracted

  • Family: umbral
  • C2: https://discord.com/api/webhooks/1233439262771515533/StaLUQOk6fesQAC6do8J2TvpMCRKBj7Mlo5ZRurU5EoQ6VPV6ANYC5mro9NHnKsZHZ2h

Signatures

  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Unsigned PE (1 IoC): checks for missing Authenticode signature.

Files

  • asdaw.zip (.zip)
  • .gitignore
  • LICENSE
  • PeIDK890XoXo.exe (.exe windows:4 windows x86 arch:x86), hash f34d5f2d4577ed6d9ceec516c1f5a744
  • init.lua (.js)
  • methods/environment.lua
  • methods/string.lua
  • methods/table.lua
  • methods/userdata.lua
  • modules/ClosureSpy.lua
  • modules/ConstantScanner.lua
  • modules/Explorer.lua
  • modules/ModuleScanner.lua
  • modules/RemoteSpy.lua
  • modules/ScriptScanner.lua
  • modules/UpvalueScanner.lua
  • objects/Closure.lua
  • objects/Constant.lua
  • objects/LocalScript.lua
  • objects/ModuleScript.lua
  • objects/Remote.lua
  • objects/Upvalue.lua
  • ohaux.lua
  • ui/controls/CheckBox.lua
  • ui/controls/ContextMenu.lua
  • ui/controls/DataConfig.lua
  • ui/controls/Dropdown.lua
  • ui/controls/List.lua
  • ui/controls/MessageBox.lua
  • ui/controls/Prompt.lua
  • ui/controls/TabSelector.lua
  • ui/main.lua