umbral | 95898a7768f940dafb72443fae1572a25a631acb5e7481e0940939f4016db636 | Triage

Submit
Reports

Overview

overview

Static

static

Umbral.exe

windows11-21h2-x64

Sharing

General

Target

Umbral.exe
Size

231KB
Sample

240725-cgw4qsvdqh
MD5

967320916645d064c55bbb046526df05
SHA1

c1a16294e93796b74ec339f4824ca52ed8168bc1
SHA256

95898a7768f940dafb72443fae1572a25a631acb5e7481e0940939f4016db636
SHA512

f9284986eb87df0995311c97a7983988d927379b9403ee01a8db65482a1f457f73b5ae3eb916b42fb4e0bb0496ae52454146d69098b9141dd507f8a82dbd3bdd
SSDEEP

6144:RloZM3rIkd8g+EtXHkv/iD4VVnRLxCqVhQhTuOLzRMb8e1mvii:joZIL+EP8VVnRLxCqVhQhTuOL283

Score

10^/10

umbral execution stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Umbral.exe

Resource

win11-20240709-en

umbral execution stealer

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1265851579425095720/MAxTNAZbFvW29JNDMjAGoaQVNutWrQ256VQXQU6nOeHclv6n6MjhmoSsgFOT1sgEy3Gt

Targets

- Target
  
  Umbral.exe
- Size
  
  231KB
- MD5
  
  967320916645d064c55bbb046526df05
- SHA1
  
  c1a16294e93796b74ec339f4824ca52ed8168bc1
- SHA256
  
  95898a7768f940dafb72443fae1572a25a631acb5e7481e0940939f4016db636
- SHA512
  
  f9284986eb87df0995311c97a7983988d927379b9403ee01a8db65482a1f457f73b5ae3eb916b42fb4e0bb0496ae52454146d69098b9141dd507f8a82dbd3bdd
- SSDEEP
  
  6144:RloZM3rIkd8g+EtXHkv/iD4VVnRLxCqVhQhTuOLzRMb8e1mvii:joZIL+EP8VVnRLxCqVhQhTuOL283
Score

10^/10

umbral execution stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralexecutionstealer

© 2018-2024

Terms | Privacy