General

  • Target: 1b9385d02d7257137ac792f32b3109b02a01c720de368c1f334ec8f54638f795
  • Size: 200KB
  • MD5: 0d95c0b8381a7eea1b391c0c4c1b705a
  • SHA1: b9777d1eb06902c161f0a88925de3c49d61dadf1
  • SHA256: 1b9385d02d7257137ac792f32b3109b02a01c720de368c1f334ec8f54638f795
  • SHA512: 1d86bfca0e998ce7e6a67eb37189d18f3c66e311b7a2ec393e7f7549f7f5467fed4c10e4965ae77d0799aad2e9d72bc6c62a5e9cc3547eaae1aa5aaaaccc9852
  • SSDEEP: 6144:oXGhaBEyvGC8UasGt9dWiwZIUnD16gXIDS18Q56BB:kGhByeuaRWxIUp6PDOjMBB

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1267112581206904925/Gkx9-NA-5FKJL-3Ehaqtj5lpmNzG-yFwxfY66lVxsyoKGIcae-bbaUO7d-hvSLDQU1-n

Signatures

  • Detect Umbral payload (2 IoCs)
  • Umbral family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • 1b9385d02d7257137ac792f32b3109b02a01c720de368c1f334ec8f54638f795
    .rar
  • Dead Stealer/dead-builder.exe
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744
  • Dead Stealer/dead.payload
    .exe windows:4 windows x86 arch:x86
    MD5: f34d5f2d4577ed6d9ceec516c1f5a744