General

  • Target: 4b64b08789791f49a88c79ad4c0eae5628fe7547489f958312f53c95f23403ff
  • Size: 10.2MB
  • MD5: 187ec6be5a50e8a2297c01572fa530a7
  • SHA1: bf99963dccd7bbd5bb10ec9c3fff5d3698c7654d
  • SHA256: 4b64b08789791f49a88c79ad4c0eae5628fe7547489f958312f53c95f23403ff
  • SHA512: 34f9e6248874a277d6c25472d110ebc72fe69b783ca5cf288bed7376e71ef3ff98f4c23f89f4e538da66210179cd19c5cbc2308585db389c51ee25e68501a9a3
  • SSDEEP: 196608:lKsYOJ2/S+rSQxCCpbEaxK/Q6iuI5uOf8lwTSd4NBLSeM3HcZs/Dv:gDOwS+4CpAaxqQ6ip5x43d8Lgeg

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1271643069317644288/Yi3JdjrXJ2C95angH0OndOPpWxWydgLtEZVOUV6s32Pf81SxCWBNaV19zjvPX6j0yW0O

Signatures

  • Detect Umbral payload (3 IoCs)
  • Umbral family
  • Detects Pyinstaller (1 IoC)
  • Unsigned PE (4 IoCs)

    Checks for missing Authenticode signature.

Files

  • 4b64b08789791f49a88c79ad4c0eae5628fe7547489f958312f53c95f23403ff
    .rar
  • citrontoppest/citrontoppest/Citronyuh.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
  • citrontoppest/citrontoppest/README.txt
  • citrontoppest/citrontoppest/citrontoppest/README.txt
  • citrontoppest/citrontoppest/citrontoppest/citronuh.exe
    .exe windows:6 windows x64 arch:x64

    72c4e339b7af8ab1ed2eb3821c98713a
  • cstealer.pyc
  • citrontoppest/citrontoppest/citrontoppest/updatechecker/updatecheckercitron.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
  • citrontoppest/citrontoppest/updatechecker/updatecheckercitron.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744