General

  • Target

    LegacyPhasmo.rar

  • Size

    634KB

  • MD5

    b2800c86cdb04d471af2a27f3f7e416a

  • SHA1

    1869929454f4d0b05fb4f51d1983e30be17a28ab

  • SHA256

    ac8a08a5dd79ab90a206fe5f79c6d0982a3d9f21ea23daae9e0a04a0edd65892

  • SHA512

    2d0e779995ad70a6d3176bf1a23a2d3b491f107b57ab4e768dcab3fa6fb1fd908e730a9e84b920727166950164ac68c5f6a4417276e35e7b2f23dafb056ed731

  • SSDEEP

    12288:oEKaaOVozcA11bqV5kJPU/HJOoP84EaLROyu5718CSJo3oLcgsa6Tp5Q5:L+zPebkiPJOoP35s1h8Zo8R695E

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1239969504654655528/VeqtFqysqjPq1RBqiaPnt8f3X7OZKPfU8tkQRyN212Fwc2hm58OjrMT9W-FnzCFUxfPD
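
The C2 above is a Discord webhook, which is how Umbral exfiltrates. Added example (not part of the sandbox report): a small Python helper that pulls webhook URLs out of a strings dump or proxy log, defangs them for sharing, and recovers the webhook's creation time from the snowflake id (bits 22 and up of a Discord snowflake are milliseconds since 2015-01-01T00:00:00Z, a documented Discord convention). The regex, the defanging style and the proxy-log line in SAMPLE_TEXT are this example's own constructions; only the webhook URL itself comes from the report.

```python
# Added example for this report (not part of the sandbox output): turn the
# extracted Umbral C2 into IOCs that can be hunted and shared. Umbral exfiltrates
# over a Discord webhook, https://discord.com/api/webhooks/<id>/<token>. The <id>
# is a Discord snowflake: bits 22 and up hold milliseconds since
# 2015-01-01T00:00:00Z, so the webhook's creation time can be recovered offline.
import re
from datetime import datetime, timedelta, timezone

DISCORD_EPOCH_MS = 1_420_070_400_000  # 2015-01-01T00:00:00Z in Unix milliseconds

# Accepts discord.com / discordapp.com, the ptb/canary hosts and an optional
# /vN/ API version segment. Group 1 is the snowflake id, group 2 the token.
WEBHOOK_RE = re.compile(
    r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/(?:v\d+/)?"
    r"webhooks/(\d{17,20})/([A-Za-z0-9_-]+)"
)


def snowflake_to_ms(snowflake):
    """Unix time in milliseconds at which the snowflake was generated."""
    return (int(snowflake) >> 22) + DISCORD_EPOCH_MS


def snowflake_to_datetime(snowflake):
    """Creation time as an aware UTC datetime (millisecond precision kept)."""
    epoch = datetime(1970, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(milliseconds=snowflake_to_ms(snowflake))


def defang(url):
    """Defang a URL so it is not clickable when pasted into a report or chat."""
    return (url.replace("https://", "hxxps://")
               .replace("http://", "hxxp://")
               .replace(".", "[.]"))


def extract_webhooks(text):
    """One record per distinct webhook id in `text` (strings dump, proxy log,
    memory capture ...), in first-seen order."""
    seen = {}
    for m in WEBHOOK_RE.finditer(text):
        wid, token = m.group(1), m.group(2)
        if wid in seen:
            continue
        seen[wid] = {
            "url": m.group(0),
            "defanged": defang(m.group(0)),
            "id": wid,
            "token": token,
            "created_utc": snowflake_to_datetime(wid).isoformat(timespec="seconds"),
        }
    return list(seen.values())


# Constructed input for the example: the C2 URL from the config above, once as it
# would appear in a strings dump and once inside a made-up proxy log line, plus a
# benign line that must not match.
SAMPLE_TEXT = """
https://discord.com/api/webhooks/1239969504654655528/VeqtFqysqjPq1RBqiaPnt8f3X7OZKPfU8tkQRyN212Fwc2hm58OjrMT9W-FnzCFUxfPD
2024-05-20T10:11:12Z 10.0.0.23 LegacyPhasmo.exe POST https://discord.com/api/webhooks/1239969504654655528/VeqtFqysqjPq1RBqiaPnt8f3X7OZKPfU8tkQRyN212Fwc2hm58OjrMT9W-FnzCFUxfPD 204
2024-05-20T10:11:13Z 10.0.0.23 chrome.exe GET https://discord.com/app 200
"""

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_TEXT):
        print(hit["id"], hit["created_utc"], hit["defanged"])
```

The creation time gives a lower bound on when this C2 was set up, which is useful when correlating with first-seen dates of the sample. Note that the token in the URL is itself the secret: anyone holding it can post to, or delete, the webhook, so treat captured URLs like credentials. A practical hunt on the same data is any POST to discord.com/api/webhooks/ from a process that is neither a browser nor the Discord client.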

Signatures

  • DCRat payload (1 IoC)

    Detects payload of DCRat, commonly dropped by NSIS installers.

  • Dcrat family
  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • LegacyPhasmo.rar
    .rar

    Password: infected

  • LegacyPhasmo/LegacyPhasmo.exe
    .exe windows:4 windows x86 arch:x86

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744

  • LegacyPhasmo/start.bat
    .exe windows:5 windows x86 arch:x86

    Despite the .bat extension, the sandbox identifies this file by content as a Windows x86 PE, not as a batch script.

    MD5: fcf1390e9ce472c7270447fc5c61a0c1
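
Added example (not part of the sandbox report): two of the checks behind the file tags above, redone on raw bytes so they can be run offline. First, the type tag comes from the MZ/PE magic, not the file name, which is why a start.bat can be reported as a Windows x86 executable. Second, the "Unsigned PE" signature reduces to reading the IMAGE_DIRECTORY_ENTRY_SECURITY data directory (index 4) of the optional header: size 0 means no Authenticode blob is attached. The PE header used as input is built by hand inside the block (build_minimal_pe); it is a constructed stand-in, not the sample's header, and PE_EXTENSIONS and the function names are this example's own choices.

```python
# Added example (not part of the sandbox report): reproduce the "is this a PE?"
# and "Unsigned PE" checks on raw bytes. The PE header fed in is constructed by
# build_minimal_pe() below; it is not the sample's header.
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # Authenticode certificate table
MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "arm", 0xAA64: "arm64"}
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".drv"}  # example's own list


def parse_pe(data):
    """Return {"arch", "has_authenticode_dir"} for a PE image, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != IMAGE_DOS_SIGNATURE:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        return None
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 2 or opt + opt_size > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32_MAGIC:
        count_off, dirs_off = 92, 96      # NumberOfRvaAndSizes, first data directory
    elif magic == PE32PLUS_MAGIC:
        count_off, dirs_off = 108, 112
    else:
        return None
    sec_size = 0
    if opt_size >= count_off + 4:
        count = struct.unpack_from("<I", data, opt + count_off)[0]
        sec_off = dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
        if count > IMAGE_DIRECTORY_ENTRY_SECURITY and opt_size >= sec_off + 8:
            # For the security directory the first field is a file offset, not an RVA.
            _, sec_size = struct.unpack_from("<II", data, opt + sec_off)
    return {
        "arch": MACHINE_NAMES.get(machine, hex(machine)),
        "has_authenticode_dir": sec_size != 0,
    }


def triage_file(name, data):
    """Summarise a dropped file the way the report's file tags do."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    pe = parse_pe(data)
    return {
        "name": name,
        "is_pe": pe is not None,
        "extension_mismatch": pe is not None and ext not in PE_EXTENSIONS,
        "arch": pe["arch"] if pe else None,
        "unsigned": pe is not None and not pe["has_authenticode_dir"],
    }


def build_minimal_pe(machine=0x14C, security_size=0):
    """Constructed PE32 header (no sections, not loadable) used only as example input."""
    e_lfanew = 0x40
    dos = IMAGE_DOS_SIGNATURE + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 96 + 16 * 8                 # standard + Windows fields + 16 directories
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if security_size:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                         0x1000, security_size)
    return dos + IMAGE_NT_SIGNATURE + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed inputs: a bare PE under a .bat name, and a real batch script.
    for name, blob in [("LegacyPhasmo/start.bat", build_minimal_pe()),
                       ("LegacyPhasmo/start.bat", b"@echo off\r\nstart LegacyPhasmo.exe\r\n")]:
        print(triage_file(name, blob))
```

A populated security directory only means a signature blob is present; whether it verifies against a trusted chain is a separate step (for example Get-AuthenticodeSignature on Windows or osslsigncode verify elsewhere). Conversely, an empty directory is conclusive: there is nothing to verify, which is what the report's "Unsigned PE" signature flags for both dropped files.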