General

  • Target

    token_bot.rar

  • Size

    80KB

  • MD5

    91e5c9a236940fd4c7af78bcea389148

  • SHA1

    80f5c22f41b29628636e0312641c973c1768aa90

  • SHA256

    65080b04dd095e82f027e05f0df8afd367f0b167d7400bf4e2e1626464166a02

  • SHA512

    287265a7e60da70f4a4667d74923fa3676b97a07b884802cdcde009f9ad5eac911b424eaa9b4969b93f1dbe001ec9713b325b548be174d71ea27d32be03169f1

  • SSDEEP

    1536:X+mdm478eiTC0OnB52R/HPl1s4MDkzQpSQdaxa3PtmQ+y1:X+yYjsnD2RvPQUipf45y1

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1248680916088524882/scOLRb8Ed3pZrVLq-wxEU3RMvJbAjEVyHOhqKEPHD6NL1h3WeGeXo53UPUp5psuRr4DL

Signatures

  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • token_bot.rar
    Type: .rar

    Password: 1234

  • token bot.exe
    Type: .exe (windows:4, windows, x86, arch:x86)

    Password: 1234

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
