General

  • Target

    GeoLocate (1).rar

  • Size

    316KB

  • MD5

    5f580514f24c6991b0fb893d71cd7183

  • SHA1

    f2f1a6efdfae8de7be414e8438119a76fd13d891

  • SHA256

    e88b3a06ac0cbf4130b1c66dde276a4062f472a71d2bf72048ffb577318d5979

  • SHA512

    c5b042b1b329ccb9c5761f579c64cd410fca20ab6ae10982c72b8332dde67cc9a4ee77ab1278514eb041c2b6eec911ddf53191c9d8076c886cae3ceb21d488c0

  • SSDEEP

    6144:ZLNW7iZ5uKnKQ4TuV1sU4URDAHPgNtUlqTz1vAWCEBlE2kw6L:xNW7e5Kvc14UR9UluIWCYlE2Z6L

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1286714539492249691/WGN7-dFwgZ0rCdSawTA_6w4aqFusamrpnEHJq2mpQA-uVYCCW9OCO2W1dKDE0JeS5MPw

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral family
  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • GeoLocate (1).rar
    .rar
  • GeoLocate (1)/GeoLocate/Src/Files/skid.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • GeoLocate (1)/GeoLocate/Src/GeoLocate.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744



  • GeoLocate (1)/GeoLocate/Src/Newtonsoft.Json.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa



  • GeoLocate (1)/GeoLocate/Start.bat