General

  • Target

    citronforyou.exe

  • Size

    229KB

  • MD5

    67735e43b595bc948f427fbc1d4d9400

  • SHA1

    df92217c3101826bf0ae4c8ba53e40026e64dcc3

  • SHA256

    bb6f9600b07d01beeab0a868840ceea944a90d87fb5016ba71794ef68d0a19d6

  • SHA512

    492b3d5372137ca3c3ad287fb84ab40ac6609eff5cf329a039f29b25c39d8c348bf547f01d6e90616e9c11593bf8f294cc73858917ca0ef2a7d03c91d6b89d14

  • SSDEEP

    6144:lloZMLrIkd8g+EtXHkv/iD4vc/yrRiK13wBzOurcVfb8e1mki:noZ0L+EP8vc/yrRiK13wBzOurCG

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1271198583076687882/-wpBphJT1bmZ3IzghCvTMvjQiZKds8S1POF_Sy_vnbIZOhTtql-E3y-UYbQtGHJMAQOe

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • citronforyou.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections