umbral | 5e9b07ad114b05286b58dc0e888e3aa102d207a1beac3d90a32518d837b2887f | Triage

Sharing

General

Target

UNBANNED-GG-PERM-10-18-23.rar
Size

180KB
Sample

240602-cbjlfsfe44
MD5

4daaa0647664f656f9028dee3651116e
SHA1

5ae3a1b02b8452f7848ebc5b350a0d182ad003d7
SHA256

5e9b07ad114b05286b58dc0e888e3aa102d207a1beac3d90a32518d837b2887f
SHA512

a9c015770af3757c62f0c37dc445fee1c8981440d3e57de0fad3071d052b0d0081c3d626b7795e151d6e970aa332d0364074ab8db14fd4908ad444ebcaf8f7dd
SSDEEP

3072:Bg5CA8G++T5CTCRf85k2HSWstiwB084VED5s/pqlv8TaIjtGu:BE55CTQf85k/t7MVlnTaIz

Score

10^/10

umbral evasion persistence stealer

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1246463015998586960/d4v_qESsKe8s7VticwxHvyytkOUO321t7x3oNxoyCNYQuwczEVfPUDFWHLnPpAM4tNJ_

Targets

- Target
  
  UNBANNED-GG-PERM-10-18-23/loader.exe
- Size
  
  365KB
- MD5
  
  cbd720ad4f7be1c099ec22f56ee61dd6
- SHA1
  
  9989030c7ea1756e1834c464688d418e773919fc
- SHA256
  
  20be105c4a33ebf77ef4db7e8b6ebbb39b156fe1dd16473a7255903f33b76846
- SHA512
  
  2ad87fdf5046be22eec58fe71326ab0bcc2a2ca019e1b5519ec1ecbdfbb83731a254c7f400ca48cacb9917da6c85d41a913aa0f8f5b21408a3f2d1e8895e9740
- SSDEEP
  
  6144:UsLqdufVUNDa4loZM3fsXtioRkts/cnnK6cMlibJksyVtGXTOMdRYspb8e1m+Fii:PFUNDamoZ1tlRk83MlibJksyVtGXTOMX
Score

10^/10

umbral evasion persistence stealer
- Detect Umbral payload
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralevasionpersistencestealer