umbral | Umbral[.]exe | Triage

Sharing

General

Target

Umbral.exe
Size

231KB
MD5

c3aa0f5ac11d11f2a741c0502d4cd3a2
SHA1

96736e1e76a2f59c460a85472a58bc98dc8bd084
SHA256

928ff5c9bb5e02499ed4611c84ff1b2b8bd498f6db9451f8d7f5fa78202d37ef
SHA512

854b49c85e976a101d8e6c1fe2cf14f7cb99f5025d29a2f0636796fec9d745bafe606223de3b79339a7f98b746f005aec72483d984620a99648ec4ea9c649d21
SSDEEP

6144:xloZM+rIkd8g+EtXHkv/iD4alC0ad1+57mEl5QIf7tLJh8e1mAai:DoZtL+EP8alC0ad1+57mEl5QIRLzLf

Score

10^/10

umbral

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1247998394866339961/eoD_WLQINT3umixNrhhmADOvlQrs7MT_mFTy66H-czWd3woByI6Fvc8Ha5Xz_WZqYf0Q

Signatures

Detect Umbral payload 1 IoCs

Processes:

resource yara_rule

sample family_umbral
Umbral family
umbral
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

Umbral.exe

Files

Umbral.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ