umbral | 69a530a9f6907b629a39ba9f9e77c9cffe2c3c4f1b1192f8acee7a99cf7106e8 | Triage

Sharing

General

Target

Image Logger.rar
Size

12.0MB
Sample

241011-1js2vszenj
MD5

e6ed4f8836f57cb067d59c5c3bab83e0
SHA1

cf05b1644a0d9ad5817ba999c5fd2ef74ed20fa1
SHA256

69a530a9f6907b629a39ba9f9e77c9cffe2c3c4f1b1192f8acee7a99cf7106e8
SHA512

b3e23667a3ba95db64c6147de09700f3a545cdbec43047a1050b7942bf9b4a269f71fbe4e09799873b12b2a671b9d404276b5fe088941838cd9164e9d47d20e8
SSDEEP

196608:lREcqgDmKJp7LOIZuSokkVj9hwhRKmSZH/UuSRUIDxd3ObF2GD/VrQuG9:lREcqgDmo7qx3V7WEfUuSO8d34jdrQ7

Score

10^/10

umbral pyinstaller stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1286410156086657135/y7TF20aVqx76GuDRgjns3cJ12jus9sZ45Frb_eNyqMyI_5W9_y_ZNBROkZh10eJnySEN

Targets

- Target
  
  Image Logger/Setup.bat
- Size
  
  187B
- MD5
  
  43b1a15e2307916cb5d7868cfe1fe562
- SHA1
  
  84b20014f6138b2f526047d4cbf531037d4d3a0c
- SHA256
  
  f330318d896d9b389dcb927c907c7ad599603b002435119403040c9a65beb125
- SHA512
  
  689e974127c6ed97cb486e3597de090ad9f89faa2818c43ce11186d3f4a184a4b4a239abe1b86079a2c19da67ec3ff22315a0fc0e887905ab323129ef53c2555
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Image Logger/Src/Files/upx.exe
- Size
  
  231KB
- MD5
  
  88b64c5cad0453a14347d415f9d4f82b
- SHA1
  
  4a613e651418497885bf4861dc27fee379eee1b9
- SHA256
  
  f7f74aeaf94b242f73f0417796f4814c1a857eaa246ebcb7a667643d90af938e
- SHA512
  
  56775a3ce0c99998c0354a5d7485fbaf01e83f247412849abd2d81461decf0e9c4fa095d43e18be74fe7225df2b6cbbc2f98f4abf5611192ef66d83abee2d7d2
- SSDEEP
  
  6144:bloZM+rIkd8g+EtXHkv/iD4irHJzZqStHY5rWWDIPb8e1m4i:5oZtL+EP8irHJzZqStHY5rWWD2y
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  Image Logger/Src/main.exe
- Size
  
  12.3MB
- MD5
  
  9c9dc758b34d719a4279bdf87e52f975
- SHA1
  
  3a659e7c11832dc935696c93c7f9d81041f0522c
- SHA256
  
  5925b2b709bfea787674db60f127a6117c60c88148317c9f9bb7cce8d4ff1316
- SHA512
  
  fcedbbceebbed1d8cc3a2d148f951bc919e0fda5ca59eebc7c848b52844681451d97d0aede01cf9afe2ce942b87414479b141a4136c07db2fa52b5b8b4209091
- SSDEEP
  
  393216:rI8DzgpgPYVnNSMF1+TtIiFavB5IjWqilzLyG3zE:r5DzgpgPQH1QtIx3ILi93
Score

7^/10
- Loads dropped DLL
behavioral5 behavioral6
- Target
  
  Image Logger/Start.bat
- Size
  
  59B
- MD5
  
  f43a646ca2cde87cc20f3756ad12e51c
- SHA1
  
  2788e5da1348b7418356d2a485a40c7fb4697588
- SHA256
  
  3ea2dd9cdd54135aaf47b196acbd4b54be5744be4fdfa022600e2cdd1cdf7d0c
- SHA512
  
  3788d856a36cba78b147dfc4263682105cd4ddf6f6db701b4cbe95a4b449d397ff5d5f039a93dd77f055bb6db329f908796fb3ff0969a8070647ffc1c13fe7cb
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8

MITRE ATT&CK Matrix

Tasks

static1

pyinstallerumbral

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8