General

  • Target

    UNBANNED-GG-PERM-10-18-23.rar

  • Size

    180KB

  • Sample

    240602-cbjlfsfe44

  • MD5

    4daaa0647664f656f9028dee3651116e

  • SHA1

    5ae3a1b02b8452f7848ebc5b350a0d182ad003d7

  • SHA256

    5e9b07ad114b05286b58dc0e888e3aa102d207a1beac3d90a32518d837b2887f

  • SHA512

    a9c015770af3757c62f0c37dc445fee1c8981440d3e57de0fad3071d052b0d0081c3d626b7795e151d6e970aa332d0364074ab8db14fd4908ad444ebcaf8f7dd

  • SSDEEP

    3072:Bg5CA8G++T5CTCRf85k2HSWstiwB084VED5s/pqlv8TaIjtGu:BE55CTQf85k/t7MVlnTaIz

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1246463015998586960/d4v_qESsKe8s7VticwxHvyytkOUO321t7x3oNxoyCNYQuwczEVfPUDFWHLnPpAM4tNJ_

Targets

    • Target

      UNBANNED-GG-PERM-10-18-23/loader.exe

    • Size

      365KB

    • MD5

      cbd720ad4f7be1c099ec22f56ee61dd6

    • SHA1

      9989030c7ea1756e1834c464688d418e773919fc

    • SHA256

      20be105c4a33ebf77ef4db7e8b6ebbb39b156fe1dd16473a7255903f33b76846

    • SHA512

      2ad87fdf5046be22eec58fe71326ab0bcc2a2ca019e1b5519ec1ecbdfbb83731a254c7f400ca48cacb9917da6c85d41a913aa0f8f5b21408a3f2d1e8895e9740

    • SSDEEP

      6144:UsLqdufVUNDa4loZM3fsXtioRkts/cnnK6cMlibJksyVtGXTOMdRYspb8e1m+Fii:PFUNDamoZ1tlRk83MlibJksyVtGXTOMX

    • Detect Umbral payload

    • Modifies visibility of hidden/system files in Explorer

    • Umbral

      Umbral Stealer is an open-source modular stealer written in C#.

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory
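Added example, not part of the sandbox report: a small triage helper that checks files against the hashes listed above and scans them for the Discord webhook C2 pattern that Umbral uses for exfiltration. The hashes and the webhook URL are copied from this report; the `discord.com` alternative in the regex and the sample byte strings are assumptions constructed for the demonstration, not data from the report.

```python
"""
Match files against the indicators in this report and look for embedded
Discord webhook URLs of the kind Umbral Stealer exfiltrates to.
"""
import hashlib
import re
import sys
from pathlib import Path

# Indicators copied from the report: the archive and the dropped loader.exe.
IOC_HASHES = {
    "md5": {
        "4daaa0647664f656f9028dee3651116e": "UNBANNED-GG-PERM-10-18-23.rar",
        "cbd720ad4f7be1c099ec22f56ee61dd6": "UNBANNED-GG-PERM-10-18-23/loader.exe",
    },
    "sha1": {
        "5ae3a1b02b8452f7848ebc5b350a0d182ad003d7": "UNBANNED-GG-PERM-10-18-23.rar",
        "9989030c7ea1756e1834c464688d418e773919fc": "UNBANNED-GG-PERM-10-18-23/loader.exe",
    },
    "sha256": {
        "5e9b07ad114b05286b58dc0e888e3aa102d207a1beac3d90a32518d837b2887f": "UNBANNED-GG-PERM-10-18-23.rar",
        "20be105c4a33ebf77ef4db7e8b6ebbb39b156fe1dd16473a7255903f33b76846": "UNBANNED-GG-PERM-10-18-23/loader.exe",
    },
}

# The C2 extracted by the sandbox is a discordapp.com webhook URL. Accepting
# discord.com as well is an assumption (Discord serves webhooks on both hosts).
WEBHOOK_RE = re.compile(
    rb"https?://discord(?:app)?\.com/api/webhooks/(\d+)/([A-Za-z0-9_\-]+)"
)


def hash_bytes(data: bytes) -> dict:
    """Digest the buffer with each algorithm the report lists (SSDEEP omitted)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def match_hashes(digests: dict):
    """Return (algorithm, label) for the first report indicator hit, else None."""
    for algo, value in digests.items():
        label = IOC_HASHES.get(algo, {}).get(value)
        if label:
            return algo, label
    return None


def find_webhooks(data: bytes) -> list:
    """Return every Discord webhook URL embedded in the buffer, as text."""
    return [m.group(0).decode("ascii") for m in WEBHOOK_RE.finditer(data)]


def triage_bytes(data: bytes, name: str = "<buffer>") -> dict:
    """Hash-match first; otherwise flag any file carrying a webhook C2 URL."""
    digests = hash_bytes(data)
    hit = match_hashes(digests)
    hooks = find_webhooks(data)
    verdict = "known-bad" if hit else ("suspicious" if hooks else "clean")
    return {"name": name, "sha256": digests["sha256"], "hash_match": hit,
            "webhooks": hooks, "verdict": verdict}


def triage_file(path) -> dict:
    return triage_bytes(Path(path).read_bytes(), str(path))


# Constructed samples (not real files from the report): one buffer embeds the
# report's C2 URL, the other carries no indicator at all.
REPORT_WEBHOOK = (b"https://discordapp.com/api/webhooks/1246463015998586960/"
                  b"d4v_qESsKe8s7VticwxHvyytkOUO321t7x3oNxoyCNYQuwczEVfPUDFWHLnPpAM4tNJ_")
SAMPLE_WITH_C2 = b"MZ\x90\x00" + b"\x00" * 32 + REPORT_WEBHOOK + b"\x00" * 8
SAMPLE_BENIGN = b"MZ\x90\x00" + b"hello world" * 4

if __name__ == "__main__":
    paths = sys.argv[1:]
    results = [triage_file(p) for p in paths] if paths else [
        triage_bytes(SAMPLE_WITH_C2, "sample-with-c2"),
        triage_bytes(SAMPLE_BENIGN, "sample-benign"),
    ]
    for r in results:
        print(f"{r['verdict']:10} {r['name']}  sha256={r['sha256']}  "
              f"match={r['hash_match']}  webhooks={r['webhooks']}")
```

Run it with file paths to triage real files, or with no arguments to see the two constructed samples classified. A hash match is the strong signal; the webhook scan is weaker (legitimate software can legitimately embed a webhook), so it only raises a file to "suspicious" and the URL itself is reported so the analyst can compare it with the C2 above.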

MITRE ATT&CK Enterprise v15

Tasks