Behavioral task
behavioral1
Sample
5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe
Resource
win7-20240508-en
General
-
Target
5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.zip
-
Size
92KB
-
MD5
c561219802d64420e3eb701d17533337
-
SHA1
7a41248380246af450c3967c02cb313fdddc3049
-
SHA256
5a72cef1aee6243c81a9ec709be05ef1d443f1431ba635392e88fe761708ed42
-
SHA512
78d5f6323e535e4b683fe8de990d013f187e712fc095b1327438d51ba8be1c7d8603ad04e269504907fbba129aa84410d3c7b80d22b088d2367cab9e91a80b7e
-
SSDEEP
1536:Dwa/5M3IBpELnvaRh9l+GxGwYJmaQJbn15fX2NsG5pBjZDa21Li:USM3QevaNl+GUDYbrOOG5pVZLLi
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1248607651387146310/L22eWHFIaqQanWIJXuwKJbdlgO8LfAMUL1ag9JLuvBFDDekhSwD3f38KvJADfkAUnTsK
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule static1/unpack001/5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe
Files
-
5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.zip.zip
Password: infected
-
5a2904a05d5d2f5d3d3ef44bdf54e74341ae9b54ba5f6545b37acf187eec4f84.exe.exe windows:4 windows x86 arch:x86
Password: infected
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 227KB - Virtual size: 226KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ