General

  • Target

    5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.zip

  • Size

    92KB

  • MD5

    c561219802d64420e3eb701d17533337

  • SHA1

    7a41248380246af450c3967c02cb313fdddc3049

  • SHA256

    5a72cef1aee6243c81a9ec709be05ef1d443f1431ba635392e88fe761708ed42

  • SHA512

    78d5f6323e535e4b683fe8de990d013f187e712fc095b1327438d51ba8be1c7d8603ad04e269504907fbba129aa84410d3c7b80d22b088d2367cab9e91a80b7e

  • SSDEEP

    1536:Dwa/5M3IBpELnvaRh9l+GxGwYJmaQJbn15fX2NsG5pBjZDa21Li:USM3QevaNl+GUDYbrOOG5pVZLLi

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1248607651387146310/L22eWHFIaqQanWIJXuwKJbdlgO8LfAMUL1ag9JLuvBFDDekhSwD3f38KvJADfkAUnTsK

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
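The two findings above that an analyst would want to reproduce without the sandbox are the "Unsigned PE" check (is there an Authenticode Certificate Table at all?) and the config extraction that surfaced the Discord webhook C2. The following is an added example, not part of this report or of any Umbral tooling: it parses the PE data directories by hand, then scans for Discord webhook URLs in both ASCII and UTF-16LE (stealers built on .NET keep string literals as UTF-16LE, so an ASCII-only `strings` pass can miss them). The `build_pe32` helper constructs a bare, non-loadable PE header purely as test input; the only real datum used is the webhook URL already listed under C2.

```python
import re
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Certificate Table entry in the data directory


def certificate_table(data: bytes):
    """Return (file_offset, size) of the PE Certificate Table, where an
    Authenticode blob lives. (0, 0) means no signature; None means malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24                       # start of the optional header
    if opt + 2 > len(data):
        return None
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                        # PE32: NumberOfRvaAndSizes @92, dirs @96
        rva_count_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                      # PE32+: 8-byte ImageBase/stack/heap shift them
        rva_count_off, dd_off = opt + 108, opt + 112
    else:
        return None
    if rva_count_off + 4 > len(data):
        return None
    rva_count = struct.unpack_from("<I", data, rva_count_off)[0]
    if rva_count <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return (0, 0)                         # directory not even present
    entry = dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > min(opt + size_opt, len(data)):
        return None
    return struct.unpack_from("<II", data, entry)  # note: a raw file offset, not an RVA


def is_authenticode_signed(data: bytes) -> bool:
    """True when a Certificate Table of non-zero size lies inside the file.
    This is presence only; it says nothing about whether the signature verifies."""
    cert = certificate_table(data)
    return cert is not None and cert[1] != 0 and cert[0] + cert[1] <= len(data)


# Discord webhook: numeric snowflake id, then a 68-char token (range kept loose).
WEBHOOK_RE = re.compile(
    r"https://(?:[\w-]+\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{50,90})"
)


def find_discord_webhooks(data: bytes):
    """Return sorted (url, webhook_id, token) tuples found as ASCII or UTF-16LE.
    UTF-16LE is decoded at both byte alignments so odd-offset strings are caught."""
    views = [data.decode("latin-1")]
    for start in (0, 1):
        views.append(data[start:].decode("utf-16le", errors="ignore"))
    hits = {}
    for text in views:
        for m in WEBHOOK_RE.finditer(text):
            hits[m.group(0)] = (m.group(0), m.group(1), m.group(2))
    return sorted(hits.values())


def build_pe32(signature: bytes = b"", payload: bytes = b"") -> bytes:
    """Constructed test input (hypothetical, not a loadable executable): a bare
    PE32 header whose Certificate Table points at `signature` when one is given."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)  # i386, SizeOfOptionalHeader=224
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    cert_off = 0x40 + 4 + len(coff) + len(opt) + len(payload)
    if signature:
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, len(signature))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload + signature


if __name__ == "__main__":
    # Constructed sample: the report's C2 URL embedded as UTF-16LE at an odd offset.
    c2 = ("https://discord.com/api/webhooks/1248607651387146310/"
          "L22eWHFIaqQanWIJXuwKJbdlgO8LfAMUL1ag9JLuvBFDDekhSwD3f38KvJADfkAUnTsK")
    sample = build_pe32(payload=b"\xcc" + c2.encode("utf-16le"))
    print("Authenticode present:", is_authenticode_signed(sample))
    for url, wid, _token in find_discord_webhooks(sample):
        print("webhook id", wid, "->", url)
```

A non-zero Certificate Table only tells you a blob is attached; a sample can carry a revoked, self-signed or mismatched certificate and still clear this check, so follow up with a real verifier (`Get-AuthenticodeSignature` in PowerShell, or `osslsigncode verify` on Linux) before treating "signed" as a trust signal. The webhook tuple gives you both the blockable URL and the snowflake id; the id is what to report to Discord, since the operator can rotate the token without changing it.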

Files

  • 5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.zip
    .zip

    Password: infected

  • 5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
