Resubmissions

25/09/2024, 19:14

240925-xxvk3asfjr 9

06/09/2024, 00:13

240906-ah1gfawamn 9

General

  • Target

    UmbrellaLoader.exe

  • Size

    2.2MB

  • Sample

    240925-xxvk3asfjr

  • MD5

    79e8c84fff417e1d3ca874efbb490e2f

  • SHA1

    54a4bd9940983ecb894614e5c7a9c6f48145262f

  • SHA256

    e52a2e8527b0d6ff0b2411d8285ead560bd006c3d54ab62a69544f27f8f66839

  • SHA512

    23a4623c729002aa7bf5e0e6486562129eeef2367934a52397bf1f5ed20323deaaa039410125e27b8d0b8fcd4fb9396a11eb4792358dfb9a056ebd09aecd69d3

  • SSDEEP

    49152:LM+BdIDZbS4mzcaCSA/Bkj0daECQNm/5XhG34AiROnkqXfd+/9AMj:QMalmIxSAycU11lwnkqXf0F3

Score
9/10

Malware Config

Targets

    • Target

      UmbrellaLoader.exe

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks