General
-
Target
svhost.exe
-
Size
231KB
-
MD5
c8a622a6ddf01f0948b526a4be7f1f4e
-
SHA1
ab8db69a873a6889462a08865788155e60e03be8
-
SHA256
578a429ed4577019ebb318eb04f3a8e3b39948896602015f2d1b38127d005b59
-
SHA512
5c91782a88cba4ceb0933cb4cf89b0fd3701873db41206d0bf960f5159e34148bcfbc531d46a65fe30f2fdc468b60a85fb3cdf3cd33e85f49364efa6c2e00b01
-
SSDEEP
6144:RloZMcrIkd8g+EtXHkv/iD4ixKClu8e1mwi:joZDL+EP80+4
Score
10/10
Malware Config
Extracted
Family
umbral
C2
https://discord.com/api/webhooks/1279454853026021386/NAB7cWAyYKWY9E-1N68Il5yfgR5MauAdSfeGeOBEMzmzmj53uYRuyDAg7u3GS9LsmL_5
Signatures
-
Detect Umbral payload 1 IoCs
-
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
svhost.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections