General

  • Target

    C37Bootstrapper.exe

  • Size

    405KB

  • MD5

    c8294556e29920bfcc619529da141096

  • SHA1

    7dad1b482c1d3baeade911400027e615e2ea52ff

  • SHA256

    26deb9a0264cccfdef387610235e9e9032144c8e73561c3d0007c248a6c84dc3

  • SHA512

    1ac29a6ecdf761d85d3b1b64910f7edd865238d1d6b159532efb8260fa9af35c7db06892359ba9efe7bd571ec2bd259a0621721666fd5b085e92f68848f63af6

  • SSDEEP

    6144:nloZM+rIkd8g+EtXHkv/iD4w85EFzQEb3CzFQMpFlb8e1mBiEqkRH:loZtL+EP8w85EFzQEb3CzFQMpfvEJ

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1247939114515431576/-I9y34Eg1J2F4FolssK-68gxrpNUiziMBe1Dq5-AXRXx_G_XjzHxBj25MXS-XoZvwnV0

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • C37Bootstrapper.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

