General
-
Target
Loader.exe
-
Size
495KB
-
MD5
6c200e0e8ddc021a16094bd07c17b1b6
-
SHA1
faa1dba99441d84898171d9ec2962955235183e9
-
SHA256
837e540ab292132a621130757c1d5f1738f83e44568847e9278472eac3dc3046
-
SHA512
bd5e8d976dbdad7d8f5511d777a0998f3d831054b7d3dad2d0a9969ddd622a519b63c1b06b677fef16c90f9ed9de226b25be6ca5f11752a053d6669ce726a15f
-
SSDEEP
12288:doZ1tlRk83MlgvNh0ad1+F7mEl5Qw5nTiii/Izoqs2PiixJ:G5r39Nh0ad1+F7mEl5QwFzoqs2
Malware Config
Extracted
umbral
https://discordapp.com/api/webhooks/1250210609493180540/EIPBZ3YdZ5w5YcRIO6f1LfLpmEqxvPYjSIyR1VF8Vq8yhqkWJkzZ4iXosQ9u7wa-RKex
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Loader.exe
Files
-
Loader.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 266KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ