General
Target: CrackedLunar.exe
Size: 654KB
MD5: 6b16b23a779c4c31612350a7e8fe503d
SHA1: 160ca6b22e6c91fdc5881c5b0fb30c77ca5f032f
SHA256: 33aa8bdbd795332098958c98a7a069d74082d953201434dee8ab195d66594400
SHA512: d2510bb5657b3c3a1b2a3bd70b4e3125c1b21e5b2c2ca886df9e91bc74800a107b3537fc7e4b761f66820c057f73047e923814daf76da42b932075e51bb63b86
SSDEEP: 6144:UloZM+rIkd8g+EtXHkv/iD4S9r3Cl28e1mai3VkwzWGM4bciDvQ:SoZtL+EP8lyWaKFciDv
Malware Config
Extracted: umbral
https://discord.com/api/webhooks/1273389285479026778/BbhBujGEklVrc6VFGYBE1bMcFDNkhqwDM4Xa5dirz-WgLiIiuFRb3NL3U176kgTZFazp
Signatures
Detect Umbral payload (1 IoC)
resource: yara_rule sample family_umbral
Umbral family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: CrackedLunar.exe
Files
CrackedLunar.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 424KB - Virtual size: 424KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ