umbral

General

Target

ae1d6b818db2e9097ca27a9ebdc79ac9f1ac6904305416cc20b0dd532c1fe4bf
Size

6.5MB
Sample

240611-cagepszckd
MD5

332ba662e3c3f073ae86fee29789571d
SHA1

5901a5ef0817d5e56f54b4d2a4385717a1b21975
SHA256

ae1d6b818db2e9097ca27a9ebdc79ac9f1ac6904305416cc20b0dd532c1fe4bf
SHA512

8a00f9595aa18ec77b268a4b3d37888ddb45fd567a09597f5bd369f767f7a5003784606ecc92943a1f8b02d2ae9afa8cc9b99e40d8f03f9aaef2c511cac4845b
SSDEEP

196608:o4hV+n8bqD6SiCwDYHLiOYf6OQlmfVuwcP/OCw3P:o4Xc8bqD6SDkhamfVuwcP/jQ

Score

10^/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1240053523601690654/qfHBS3pgxWWBBKRxgQoR2nk1l0xj4MzBSYbqOqyW4FoI1DOOuzXnQta5yMql-1kPExM_

Targets

- Target
  
  ae1d6b818db2e9097ca27a9ebdc79ac9f1ac6904305416cc20b0dd532c1fe4bf
- Size
  
  6.5MB
- MD5
  
  332ba662e3c3f073ae86fee29789571d
- SHA1
  
  5901a5ef0817d5e56f54b4d2a4385717a1b21975
- SHA256
  
  ae1d6b818db2e9097ca27a9ebdc79ac9f1ac6904305416cc20b0dd532c1fe4bf
- SHA512
  
  8a00f9595aa18ec77b268a4b3d37888ddb45fd567a09597f5bd369f767f7a5003784606ecc92943a1f8b02d2ae9afa8cc9b99e40d8f03f9aaef2c511cac4845b
- SSDEEP
  
  196608:o4hV+n8bqD6SiCwDYHLiOYf6OQlmfVuwcP/OCw3P:o4Xc8bqD6SDkhamfVuwcP/jQ
Score

10^/10

umbral pyinstaller stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Detects executables attemping to enumerate video devices using WMI
- Detects executables containing possible sandbox analysis VM names
- Detects executables containing possible sandbox analysis VM usernames
- Detects executables containing possible sandbox system UUIDs
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Umbral payload

Detects executables attemping to enumerate video devices using WMI

Detects executables containing possible sandbox analysis VM names

Detects executables containing possible sandbox analysis VM usernames

Detects executables containing possible sandbox system UUIDs

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2