General
Target: Blank-Grabber.exe
Size: 234KB
MD5: 42468834ef815fe2e841cd5cead7c2b4
SHA1: 933bd0a2c0e6775de7adb697f9c1c98e7259354a
SHA256: c1aa9ebe8ca2223bb08575bc6e19bce928d315d0f4e55ed06e99f2be9deeeed9
SHA512: bad49d8cf1e441654b57a7012b15af48070e6d9a7b15051a12e2395c0b742b335bc8302003e715c15625d0e0815349a7b92063b19637801b506cfcfe6b094258
SSDEEP: 6144:UloZM+rIkd8g+EtXHkv/iD4XzaTJW68K8e1mRPLio:SoZtL+EP8XzaTJjweo
Malware Config
Extracted
Family: umbral
Webhook URL: https://discord.com/api/webhooks/1285046148486271109/LHcqMyAcmjXl6Tq0KNX2KX6sB6YWVbhrpka4uFveSi1hxBkCTCNWQLDGtomqtZEAhj-M
Signatures
- Detect Umbral payload (1 IoC)
  resource: yara_rule sample family_umbral
- Umbral family
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: Blank-Grabber.exe
Files
- Blank-Grabber.exe.exe (windows:4, windows, x86, arch:x86)
  f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree: _CorExeMain
Sections
.text Size: 227KB - Virtual size: 227KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ