Behavioral task: behavioral1
Sample: 435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92.exe
Resource: win7-20240903-en
General
Target: 435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
Size: 231KB
MD5: 3b915b9bbc5ddf429f85bf939febe424
SHA1: 2278baaf3764a27bc962de75601f4d49b2191592
SHA256: 435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
SHA512: d83341bf784bed732bf120299824ea066f66f505b6dd0fb0b84396af34877a1ba0c483c805835179be2463dd34503b31260035e78f47ca1396305f60f2be50ed
SSDEEP: 6144:xloZM+rIkd8g+EtXHkv/iD4LmfzMOsTPkPFQu//OPub8e1mt6i:DoZtL+EP8LwzMOsTPkPFQu//OKO/
Malware Config
Extracted family: umbral
Discord webhook (Umbral exfiltration endpoint): https://discord.com/api/webhooks/1285740646597922817/JzkdWV_susRrZmH9kMV_cDF9XoYZDy-wrySe9jVqGNwW3dOIhx6NW9DtmzGED4W8cpWh
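The extracted config is a single Discord webhook URL, so the two triage steps worth automating are (a) pulling webhook URLs out of a strings dump or memory and (b) reading the creation time out of the webhook ID, which is a Discord snowflake (milliseconds since 2015-01-01T00:00:00Z in the top 42 bits) and gives a lower bound on the campaign's age. The block below is an added example, not sandbox output or Umbral's own code; SAMPLE_STRINGS is a constructed strings dump that embeds the webhook above among noise, and the regex and redaction helper are this example's own.

```python
import re
from datetime import datetime, timezone

# Constructed strings dump (not from the sandbox): the webhook from the extracted
# config above, surrounded by lines a strings run on a .NET stealer would also emit.
SAMPLE_STRINGS = """
System.Net.Http
https://discord.com/api/webhooks/1285740646597922817/JzkdWV_susRrZmH9kMV_cDF9XoYZDy-wrySe9jVqGNwW3dOIhx6NW9DtmzGED4W8cpWh
https://discord.com/channels/@me
mscoree.dll
"""

# Discord snowflakes encode milliseconds since 2015-01-01T00:00:00Z in bits 63..22.
DISCORD_EPOCH_MS = 1420070400000

# Webhook URL shape: numeric snowflake ID, then the secret token that grants posting rights.
WEBHOOK_RE = re.compile(
    r"https://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/"
    r"(?P<id>\d{17,20})/(?P<token>[A-Za-z0-9_-]+)"
)


def snowflake_to_datetime(snowflake: int) -> datetime:
    """Creation time encoded in a Discord snowflake (webhook, channel or message ID)."""
    ms = (snowflake >> 22) + DISCORD_EPOCH_MS
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)


def redact_webhook(url: str) -> str:
    """Keep the webhook ID (a stable, shareable IOC) but mask the token, which is a live credential."""
    m = WEBHOOK_RE.fullmatch(url)
    if m is None:
        return url
    token = m.group("token")
    return url[: m.start("token")] + token[:4] + "..." + token[-4:]


def find_webhooks(text: str) -> list[dict]:
    """Extract every Discord webhook in a text blob with its creation time and a redacted form."""
    hits = []
    for m in WEBHOOK_RE.finditer(text):
        created = snowflake_to_datetime(int(m.group("id")))
        hits.append({
            "id": m.group("id"),
            "created_at": created.isoformat(timespec="seconds"),
            "redacted": redact_webhook(m.group(0)),
        })
    return hits


if __name__ == "__main__":
    for hit in find_webhooks(SAMPLE_STRINGS):
        print(hit)
```

Share the redacted form in reports: the ID is enough for other analysts to correlate samples, while the full token lets anyone post to (or, with a DELETE request, take down) the attacker's webhook, which is a decision for the incident lead rather than a by-product of publishing an IOC list.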
Signatures
Detect Umbral payload (1 IoC)
resource | yara_rule | sample | family_umbral
Umbral family
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92
Files
435a2c3b87a6d4e96690d2aae112660823dc52740222c85a80e5f01e9910ee92.exe (windows:4, windows, x86, arch:x86)
Imphash: f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
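The import table holds a single entry, mscoree!_CorExeMain, which is the CLR bootstrap stub every .NET executable carries, and the value f34d5f2d4577ed6d9ceec516c1f5a744 listed under Files is the import hash (imphash) of exactly that table. The block below is an added example, not code from the page or the sandbox: it reimplements the imphash algorithm (lowercase "dll.function" pairs, extension stripped, comma-joined, MD5) over a constructed copy of the page's import list, reproduces the value shown, and flags why it carries no sample-specific information here. It handles named imports only; the ordinal-to-name mapping that pefile applies for a few DLLs is omitted.

```python
import hashlib

# Import table as listed on this page (constructed tuple list, not parsed from the file).
PAGE_IMPORTS = [("mscoree.dll", "_CorExeMain")]

# A constructed native import table, for contrast.
NATIVE_IMPORTS = [
    ("KERNEL32.dll", "CreateFileW"),
    ("KERNEL32.dll", "WriteFile"),
    ("ADVAPI32.dll", "RegSetValueExW"),
]

# The CLR entry stubs a managed EXE or DLL imports regardless of what the assembly does.
CLR_STUBS = {("mscoree", "_corexemain"), ("mscoree", "_cordllmain")}


def _normalize(dll: str, func: str) -> tuple[str, str]:
    """Lowercase both names and drop the library extension, as the imphash algorithm does."""
    dll = dll.lower()
    if dll.endswith((".dll", ".ocx", ".sys")):
        dll = dll[:-4]
    return dll, func.lower()


def imphash(imports) -> str:
    """Import hash over (dll, function) pairs in import-directory order: MD5 of 'dll.func,dll.func,...'."""
    parts = [f"{dll}.{func}" for dll, func in (_normalize(d, f) for d, f in imports)]
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def is_clr_stub_only(imports) -> bool:
    """True when the table consists solely of CLR bootstrap stubs, so imphash cannot discriminate samples."""
    names = {_normalize(d, f) for d, f in imports}
    return bool(names) and names <= CLR_STUBS


def pivot_advice(imports) -> str:
    """Tell the analyst whether imphash is a usable pivot for this file."""
    if is_clr_stub_only(imports):
        return "imphash is shared by every .NET PE; pivot on SSDEEP, the family YARA rule or .NET metadata instead"
    return "imphash is sample-specific enough to use as a pivot"


if __name__ == "__main__":
    print(imphash(PAGE_IMPORTS), pivot_advice(PAGE_IMPORTS))
    print(imphash(NATIVE_IMPORTS), pivot_advice(NATIVE_IMPORTS))
```

For this sample the practical consequence is that the imphash in the Files section matches essentially every managed executable ever compiled, so a hunt keyed on it would return noise; the SSDEEP and the family_umbral YARA hit above are the pivots that actually narrow to related Umbral builds.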
Sections
.text Size: 228KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ