General
Target: RustPlugin.exe
Size: 393KB
MD5: d71efa1a5928926db612506ae583cbbf
SHA1: 0c8fdd4c77c86f9cc300222d5c297d93d9c5438b
SHA256: 4aea7ed7d8374151ea95de63e0610e3a39ce132c5c402a1f35a2e176a3f29a98
SHA512: c4a002bd778f65cb0c20d7bb555a4eecefde20dda5c3404677666645a1dbd4c13e483736fe25cd3507f8364bc5791c52e7a654bc9eaeb847871f4633b0014962
SSDEEP: 6144:EloZM+rIkd8g+EtXHkv/iD4QvhMDJ6idDIJbGmTS1b8e1mJFHniHlks:ioZtL+EP8QvhMDJ6idDIJbGmT+IHiy
Malware Config
Extracted family: umbral
C2 (Discord webhook): https://discord.com/api/webhooks/1258036485391781888/GClx_JE8JuFMHZUxxHeZY3QntiNp5bLWGwmMZ5kJ5ux9xgwGeQCDCsyCR1URnJWkLPoF
The URL embeds the webhook token, i.e. the credential the stealer posts exfiltrated data with. Treat it as an IoC to block, hunt on and report to Discord, not as a link to open.
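The "Extracted" entry above is the result of a config extractor pulling the Discord webhook out of the binary. The following is an added example of that extraction step written for this page; it is not Umbral's or the sandbox's own code. It searches for webhook URLs in both ASCII and UTF-16LE form (a .NET assembly keeps its string literals UTF-16LE encoded in the #US heap, so an ASCII-only strings pass can miss them), splits each hit into webhook ID and token, and recovers the webhook's creation time from the snowflake ID. The buffer it scans is constructed with placeholder IDs and a made-up token; the real webhook from the report is deliberately not embedded.

```python
"""Discord-webhook config extraction of the kind behind the report's
"Malware Config: Extracted umbral" entry. Added example, not Umbral's or the
sandbox's code; SAMPLE_BLOB is constructed with placeholder webhooks."""
import re
from datetime import datetime, timedelta, timezone

# discord.com / discordapp.com / ptb / canary hosts; ID is a snowflake,
# token is a base64url-style string (real ones are 68 characters).
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]{60,80})"
)
DISCORD_EPOCH = datetime(2015, 1, 1, tzinfo=timezone.utc)


def snowflake_to_datetime(snowflake):
    """Discord IDs carry their creation time (ms since 2015-01-01) in the top 42 bits."""
    return DISCORD_EPOCH + timedelta(milliseconds=int(snowflake) >> 22)


def _views(data):
    # Plain single-byte view, then UTF-16LE at both byte alignments so a wide
    # string starting at an odd offset is still decoded correctly.
    yield "ascii", data.decode("latin-1")
    for shift in (0, 1):
        yield "utf-16le", data[shift:].decode("utf-16-le", errors="ignore")


def extract_webhooks(data):
    """Return every distinct webhook found, with ID, token, encoding and creation time."""
    found, seen = [], set()
    for encoding, text in _views(data):
        for m in WEBHOOK_RE.finditer(text):
            url, wid, token = m.group(0), m.group(1), m.group(2)
            if url in seen:
                continue
            seen.add(url)
            found.append({"url": url, "webhook_id": wid, "token": token, "encoding": encoding,
                          "created": snowflake_to_datetime(wid).isoformat()})
    return found


def defang(entry):
    """Report-safe form: unclickable host, token truncated so the credential is not republished."""
    host = entry["url"].split("/api/")[0].replace("https://", "hxxps://").replace(".", "[.]")
    return f"{host}/api/webhooks/{entry['webhook_id']}/{entry['token'][:6]}...(redacted)"


# Constructed test buffer: one ASCII webhook, then one UTF-16LE webhook placed at
# an odd byte offset (placeholder IDs and token, not the report's real webhook).
_TOKEN = "a1B2c3D4e5F6g7H8i9J0" * 3 + "k_L-m_N-"  # 68 chars, like real tokens
_ASCII_URL = f"https://discord.com/api/webhooks/1234567890123456789/{_TOKEN}"
_WIDE_URL = f"https://discord.com/api/webhooks/1111111111111111111/{_TOKEN}"
SAMPLE_BLOB = (b"MZ\x90\x00 junk \x01" + _ASCII_URL.encode("ascii") + b"\x00\x00\x00"
               + _WIDE_URL.encode("utf-16-le") + b"\x00")

if __name__ == "__main__":
    for hit in extract_webhooks(SAMPLE_BLOB):
        print(hit["encoding"], hit["created"], defang(hit))
```

Run it against a dumped sample with `extract_webhooks(open(path, "rb").read())`. The creation timestamp is worth recording alongside the hash: it dates the attacker's infrastructure independently of the sample's compile time, and the defanged form is what belongs in a shared report.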
Signatures
Detect Umbral payload (1 IoC)
Resource: yara_rule sample family_umbral
Umbral family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
Resource: RustPlugin.exe
Files
RustPlugin.exe.exe windows:4 windows x86 arch:x86
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (the value shared by every .NET executable whose only native import is mscoree!_CorExeMain, so it cannot be used to pivot to related samples)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT | IMAGE_DLLCHARACTERISTICS_NO_SEH | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_LARGE_ADDRESS_AWARE | IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain (the only native import: the CLR entry stub of a managed .NET executable, consistent with Umbral being a C# stealer; the real logic is in the managed metadata and IL, not in the import table)
Sections
.text: Size 227KB, Virtual size 226KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rsrc: Size 165KB, Virtual size 165KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc: Size 512B, Virtual size 12B; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ