umbral | a8c74a05f574514ec74cb942ec0ff1d5380da648e145ba829dec4cc511ec4cd7

General

Target

a8c74a05f574514ec74cb942ec0ff1d5380da648e145ba829dec4cc511ec4cd7
Size

92KB
MD5

428c94c72ecc3c8056e7b9bf927628c4
SHA1

78360122f0dee4a0ef75b1de4e062b1c6ecc58e5
SHA256

a8c74a05f574514ec74cb942ec0ff1d5380da648e145ba829dec4cc511ec4cd7
SHA512

6ed4159197625f6379dc7d509ee01c123fadd7b6cfb6658e7ad7b3b8997d75cea900f15b684c493d9599386f172c86d439598d770c1166144f3a4526b3030561
SSDEEP

1536:iuyd8rwgjEoMo3DM76gO9cKc51RqbtIQ80i+gcxfYacF6oufFB7jPV+sUq01UEic:ogjdMGg4cKc5gIzDhau0BPPiLSk3h

Score

10^/10

umbral

Family

umbral

C2

https://discord.com/api/webhooks/1240617539009249350/TqBzgc6PPLDK8U9sL3OIQ7VPVwnDIoONcaMLCG9G1Uo5vMQ9KEFuAEkuqQ_6XKEkyetX

Detect Umbral payload 1 IoCs

resource	yara_rule
static1/unpack001/5b97b5644019cec44dded172780f30b049b82c8e8582a589ce95d7dec421a686.exe	family_umbral

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/5b97b5644019cec44dded172780f30b049b82c8e8582a589ce95d7dec421a686.exe

a8c74a05f574514ec74cb942ec0ff1d5380da648e145ba829dec4cc511ec4cd7
.zip

Password: infected
5b97b5644019cec44dded172780f30b049b82c8e8582a589ce95d7dec421a686.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ