umbral | AkrienPremiumCrack[.]zip

General

Target

AkrienPremiumCrack.zip
Size

312KB
MD5

431e487b11513783fbec3858169b6041
SHA1

d52b846d43015d219bab3d96f62809b0ceed7cfd
SHA256

471eeb9eeca3a3fb5bc949d95ddc7a29a8910a10b7567e725fc212c86c616b10
SHA512

a8709c23eb53afaf5af8731a8bd0673c4e7a66b09240386c9d2a87e125c3ea744357dd5df80b47e67d3e93d87d95067edd3b3fc0601ff1377b475f552ad059ff
SSDEEP

6144:g6r0R7lHL1q4r+hFDnDXuzXhS4P3T1QHTR/00Cu4DKcts8zaQOsk:pIhZY4r+zDezXDmTR/tb4+cO0aQQ

Score

10^/10

umbral xworm

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1260567168722927636/JRzdu6AXLXMoNg-RGz_uMt-M0S5cWTX1XgHtoE2eyWa2C43rIIU36wAR5byWxaul4pBP

Extracted

Family

xworm

C2

connection-elect.gl.at.ply.gg:37777

Attributes

Install_directory
%AppData%
install_file
Crack.exe

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
static1/unpack001/AkrienPremium.exe	family_umbral

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/Crack.exe	family_xworm

Umbral family
umbral
Xworm family
xworm

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/AkrienPremium.exe
unpack001/Crack.exe

Files

AkrienPremiumCrack.zip
.zip

Password: Crack
AkrienPremium.exe
.exe windows:4 windows x86 arch:x86

Password: Crack

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Crack.exe
.exe windows:4 windows x86 arch:x86

Password: Crack

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

Password: Crack

Password: Crack

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 227KB - Virtual size: 226KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: Crack

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 80KB - Virtual size: 80KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 227KB - Virtual size: 226KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 80KB - Virtual size: 80KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B