umbral | 3b97b49496b1d19bd7fec189d26ba0e5ff3051eb759e48cc02c934aceb7868ee | Triage

Analysis

max time kernel
0s
max time network
2s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-09-2024 02:36

Sharing

Report Analysis Logs

General

Target

BoogieTool.exe
Size

229KB
MD5

a95d6f4a4315650e730488eabbe1a5dc
SHA1

dd8358dceb4125cbcc85c2d18721a2ef1aa5b165
SHA256

3b97b49496b1d19bd7fec189d26ba0e5ff3051eb759e48cc02c934aceb7868ee
SHA512

b3a1822d4426178ceae2ab76597bf072c41cfa374141bc7adfb01dfafcfc443a713d1526e800290afd265cd932ec756235ffde880cf5ab6fd858b2adf1ed619e
SSDEEP

6144:tloZMYrIkd8g+EtXHkv/iD4yfqmR/k4XoG/BcoNNKb8e1mwMQi:voZHL+EP8yfqmR/k4XoG/BcoNAKJ

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/2600-1-0x00000000000B0000-0x00000000000F0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	BoogieTool.exe

C:\Users\Admin\AppData\Local\Temp\BoogieTool.exe
"C:\Users\Admin\AppData\Local\Temp\BoogieTool.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2600-0-0x000007FEF5F93000-0x000007FEF5F94000-memory.dmp

Filesize
4KB

Download
memory/2600-1-0x00000000000B0000-0x00000000000F0000-memory.dmp

Filesize
256KB

Download
memory/2600-2-0x000007FEF5F90000-0x000007FEF697C000-memory.dmp

Filesize
9.9MB

Download