umbral | Lunar Client QT[.]rar | Triage

Sharing

General

Target

Lunar Client QT.rar
Size

14.9MB
MD5

798243247cf8527fb6eba99ae15ca34a
SHA1

331ff2fe9452c36f4a848650056821ea946c0f05
SHA256

720ace73308cff8dfa9fa901bb16fbfdf06c710c9cb3bdf8cc605a16fa9bdc71
SHA512

d35c9cf48100426d1b2621aced8321a0f14a34176031087733d9a3d96966a724787d9028c32b6913a0911bf0c14b27b10668e167135904f24b201ce8077084d2
SSDEEP

393216:JPa4apaHLZnG1CYQwkJHNhM21SjqzLyGSeL8H:hUpm88YUM21S2zLyGSei

Score

10^/10

umbral mercurialgrabber stealerium

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
static1/unpack001/Lunar Client QT.exe	family_umbral

Mercurialgrabber family
mercurialgrabber
Stealerium family
stealerium
Umbral family
umbral

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Lunar Client QT.exe

Files

Lunar Client QT.rar
.rar

Password: 1
Lunar Client QT.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\SerGreen\Source\Repos\Appacker\UnpackerWindowless\obj\Release\UnpackerWindowless.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ