umbral | 63d85f785ae777334f40e7d6e91feecdf496a411a2c8bffa2686db186423ca4a | Triage

Sharing

General

Target

Synapse C.zip
Size

59.6MB
Sample

241011-hp5nqszhpe
MD5

8e8fb4069f22ecc6a7a56885a8e7ce24
SHA1

55786d72069c2b7703cd15b1c2891fd47aaf96d4
SHA256

63d85f785ae777334f40e7d6e91feecdf496a411a2c8bffa2686db186423ca4a
SHA512

e1c95304df9e366cf77118db2e06db79bbafadbf66eb6475bad988a8b284e67f8a2c379f8de2969f47e3b7d9c1ac81cff237c2c89b2373c34794a62c4f865798
SSDEEP

1572864:b7l+6RgiDXnalHZTt8MSCl91aSlQMvM+8lw+j9lF:nl+2Xal5Tt9HPl1M7JlF

Score

10^/10

umbral execution

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1289807930538856480/0Ot6Qsk9Kvg_8M6-aNwOLVUKHA9ucJSLfhDqUdiYM1tA8m9IVnGBc0PcVCyMJgIe2raQ

Targets

- Target
  
  Synapse C/Ace/ace/ace.js
- Size
  
  702KB
- MD5
  
  9094e4831ca6c8ea8bb007410dee4299
- SHA1
  
  7fefb214ea6990c822c08e7e2c5ba809551fc098
- SHA256
  
  92baf7f3e1f41690fa0ea64ba2e31596fa0e1aa85c4c7f35188a39b249a73540
- SHA512
  
  c487db1e763ca61cb139fe34ae33820fc6d74358bb048e0722bb00e0d9071feb6dee5df515f50794bb95f6157275f264bee74f1eb4aec5f733dd069e017bdfcd
- SSDEEP
  
  6144:oq4Z4StNfGDghjQYOIsb9U9lJiujPxBrLeq/SqJbXbZV8dxcQgnmpqptB9z/n68t:ojBtNfGkf/jxBv7oeR9zWk1nyN0XRx
Score

3^/10

execution
behavioral1 behavioral2
- Target
  
  Synapse C/Ace/ace/ext-beautify.js
- Size
  
  11KB
- MD5
  
  e25a9f1eefb91ff068f8f2a3d021098e
- SHA1
  
  72ab67d8e39cb4f61d384cf5666085d7e627d3f4
- SHA256
  
  c8c01930591173ebe64a1d6b9280f36398c83c5ffc148b04f73fa94b4ef36191
- SHA512
  
  fd8412a50b74c72fbd6180bb8031a8ff81b7ccb691ae07ce251587fa65e230810d18a0d9c0387cb7bc6921a062766c7ca0e7b2e90a4cd19af2db1462359eb675
- SSDEEP
  
  192:925ATmDTIxw+gO1WSS7PXOig6iGKiPiZ74NmZbhBoiMS+k28iSqQqHAFvSYJppWT:UATmDogOcKZbKL0y7
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  Synapse C/Ace/ace/ext-code_lens.js
- Size
  
  7KB
- MD5
  
  12022137d3802cf3a9269e2e52289425
- SHA1
  
  bd8dbf3bb4a3d5eec3a63564a30b4c8cf09472db
- SHA256
  
  2a6770ea9f8f0179f71d66d47f65bcfa28f918fede686422e54e0edcb9f19fcf
- SHA512
  
  0f0095034720f8e6b07d9189d3a9b39da71889d5808f0fdb7f8cda99463fd693467c94032a6dec32951535f5f6c1bf25e51e25cf6c39d160c10b03e1f15d1550
- SSDEEP
  
  192:zACH9KCH9TAH2K/CKCHKH4H5iwt0741tHJHyR8Hdj6oXeWgcV1dyKHPur9yxCCH1:cCH9lHBAH2GClHKH4Hg743HJHbj6yeWL
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  Synapse C/Ace/ace/ext-elastic_tabstops_lite.js
- Size
  
  8KB
- MD5
  
  4a5c939da4f22719815b2a85b11d29b6
- SHA1
  
  493a37c00678d36d34f860056c936d3c6083c79b
- SHA256
  
  03ee8372a6429a8c56e8af02696e66bf42459db32a196f17f8d2c672caa2ed04
- SHA512
  
  a51aa6d3e50fab0a82333b3f09030006676d1aa3334b88b6155dbeab67dc0241b8d3f1f91a626cf7f75c659f77c1d8937532b320fb87690ceca24b9b973bd5ec
- SSDEEP
  
  192:glgCuuLpykQ8yuhtLMa07bsSslMosy9gyQoFx/UUhpUSbax3r+/Sy1TCa:agC/rQuMLsnlMojx/UUhpUSbax3r+/p7
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  Synapse C/Ace/ace/ext-emmet.js
- Size
  
  47KB
- MD5
  
  3c3303c8a63e5ae66f982350ec857e87
- SHA1
  
  f74e7a21ed7ad26662e02f94abe34aacf6882785
- SHA256
  
  23331809f93f30031c0df2673450c6d67fa13bf3211dd7094d1d6fa9b99e9c18
- SHA512
  
  a8cff4d37337535a9886e5d24143de9d507f61a0306dabb7ff3d4b9186f51d52c205153c3dc6b0d587089f724ba3e2a83e7f9af2c7b26f15fa820898f48321a4
- SSDEEP
  
  768:7z5x5p5gfW3oq1D183CPjvHUCJyYZBkn7yOTbGK1JLP3KWa7kg/IqzCDrpNyBhB+:7z5x5p5gfW3oq1D183CPjvpJyYKpZ7Ck
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  Synapse C/Ace/ace/ext-error_marker.js
- Size
  
  336B
- MD5
  
  b40f7996c4bf9099abb5f8b3b0f0be7e
- SHA1
  
  f408918b226931d0090064f6b2ad3922890152d9
- SHA256
  
  d549c299502c356538f2444d4ebba5f251d9cfd7fe137c35a9dd64aa0d5650a6
- SHA512
  
  779e2946d01663fc4b5b7e4f6f35621964238f6b4c9eaeafaab85622ca7b62c338afe11476648b0d642b27d35197501f928eaf8229f9001c0ae5652f04197a65
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Synapse C/Ace/ace/ext-keybinding_menu.js
- Size
  
  6KB
- MD5
  
  787511652c337dc828b4a0bfbc6d261d
- SHA1
  
  641a18805cd2631e580403bcef9e6f85334c5c45
- SHA256
  
  d4d7e19c716ebbe0904d161e2f627e89c30f9358d8960f78c4e4265f9b5e1802
- SHA512
  
  264f8dd02d3207b1e6e1cab6ef6a849152496ee9fd7b9749d1f96db7cdfe32fe5fe5c94d4b6ede87066e7c8b5888f72504de09c6d5258e4a24744f9210ea16e7
- SSDEEP
  
  192:2zQgi+w/VwzeFZmZucbzcBUeQ9PI08ob5JIJzp/xtSgX2s2h23mjiDya+mTCa:mzeKcUnx8aIJft8AyaD7
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  Synapse C/Ace/ace/ext-language_tools.js
- Size
  
  75KB
- MD5
  
  56e84b42d4d10cf8b86d9462c517ac78
- SHA1
  
  32ea9cb3663bb281beb3d00a66520460e6b4698c
- SHA256
  
  20042860c5d8776ab14925360d1b14a378dedb1cdb62f1bd2689aa4f5e1cc750
- SHA512
  
  a02f1836ae46a66ebc7553be11cf9b357013f7a90bf8dc20d999f97ec44ba03dc1f2136799131c9b7c41d9454c73362d314195a5c42dd88014cf68fe3a02bb38
- SSDEEP
  
  1536:7z5x5p5gfW3oq1D183CPjvpJyYKpZ7CWa7kg/ImCDrpN8msdFKVYYf8cLNt5AqeZ:7z5x5p5gfW3oq1D183CPjvpsYKpZ7CWC
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  Synapse C/Ace/ace/ext-linking.js
- Size
  
  1KB
- MD5
  
  932265422f7925d95cbe5aebe3a12f2d
- SHA1
  
  a841875e361e6d6406d8c359568e69785d8b76a9
- SHA256
  
  06f733685f2bfae0453f2429772718ca49bd82d8fa748360f8b5f69e0b9ea612
- SHA512
  
  730bbfb647b18b4339eb14d200a46617cef4e68354f24092bbf82a33edf2a8fe1f4dd988a9ae691ded3f34e79c626f8068b4357b7dd39d7f9bcca448c1ba5a7e
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  Synapse C/Ace/ace/ext-modelist.js
- Size
  
  7KB
- MD5
  
  6bae0154b4d0810eb877c9be3ce75e60
- SHA1
  
  6385ca597d6c7b1f96ffcc58ce1ca805471817d9
- SHA256
  
  2320ea3d88be7be9ab5c6fbe6ed170dd93e160547574ce6df0d137aa27d2f9f5
- SHA512
  
  bf15b43032ce2f39b28db369e3dcadabebf523caf89aaaed9a528f0564528ea660f70cffeb6927cfdfe0710341214c3224b6df7b43258bbf1df20920131f1179
- SSDEEP
  
  192:viIuiQvnTIoVcsruDi5z0O4D2OKkbeJO9kdfFUrsjs/VDfWQofXFe5LsTCa:mT9VcsrkiR0O42gk3UruOVD4FgLs7
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  Synapse C/Ace/ace/ext-options.js
- Size
  
  24KB
- MD5
  
  2f5befaf500898a836ccd5d923164986
- SHA1
  
  dd812334d2a173dbf24caa73adc1438a596ff38b
- SHA256
  
  6dc683f92388f86e640b0a14ba6b75c5b0f94aed24ccffc4ba5f8eb529e32aa3
- SHA512
  
  14dab1a7da67fa4f2dfafb29c56872c6cf8b1af3afd8ff44fdd8a2a6632964fd40d73ff314e1c610cb998ed68241f15c395ac2f9826947f8727b77c52ab91aad
- SSDEEP
  
  384:mzeKcUnzT9VcsrkiR0O42gk3UruOVD4FgLvg39wTN7ZrosesnRRDlZTQnjuO7:m6KxnSkGg3mJ5nZTQaQ
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Synapse C/Ace/ace/ext-prompt.js
- Size
  
  95KB
- MD5
  
  2a2b94eb2ee36301b19dca07d74cdf0d
- SHA1
  
  f1586022f5c13e3d2475e1c665ae9c74ac4e9ace
- SHA256
  
  8a71ef4c6add557fe17cd16e56f97533bcd6a335149b6f1bd85c45c78aa71550
- SHA512
  
  f785b403bc36120619852d80d2422da08baf1328f5e4dbd3148dafe9f1bc299cb91e8d0a65370d8ad4ab9fedb67b83208fd75fa926d22e771f95901d95da7ab1
- SSDEEP
  
  1536:P2cLNt5Aqeg9tz5x5p5gfW3oq1D183CPjvpJyYKpZ7CWa7kg/ImCDrpN8msdFKVP:P2cht5AqRHz5x5p5gfW3oq1D183CPjvy
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Synapse C/Ace/ace/ext-rtl.js
- Size
  
  4KB
- MD5
  
  c3cc7439adca6e58aa20abc93d24e712
- SHA1
  
  5b6ac06447d558f140ec544a4841836c22d4c78e
- SHA256
  
  a5c0ccb71781f451ce0d8bb36bcf654d01742c258243d84a6de39d4836df228c
- SHA512
  
  2da99842e6b31d80b25a02c2e97025281e5e92d4ba60f07ca887f9e486e17e1299d61b2dd31de1cc2b715447c9c9359b1bd6e6c36767828966b1b137ff3576d0
- SSDEEP
  
  96:fjMAmLqAJEv+ZPTo/mZPTBkt4xryhk1lO+ybLLvaATCa:fjMAmLqAJEv+ZPTo/mZPTBkt4xry+1A/
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Synapse C/Ace/ace/ext-searchbox.js
- Size
  
  18KB
- MD5
  
  46af7e3b7284730ecb9357bca6ab22c6
- SHA1
  
  989269af35c761430592ec0d5dce95ddb2d18ba7
- SHA256
  
  c21fbc384f179594b606eb6eb66e76f00238e1065dee6b3184f01570ac8627b6
- SHA512
  
  0e7ff8f92991350748e231e4992a45a3207e2bd3879fad1ce323430e1b85b61c8660e165937b13848c8ffa1ed377a0158256c007ebcf9df878651c6baabb3d3c
- SSDEEP
  
  384:wHrbNgH7HS2Pwu+uauOjUeEZPb/1q38LGL0hkLmsW5g2iRisn/Yoa7:wLabHS2PfOjUeEGAhkLmWYyYoE
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Synapse C/Ace/ace/ext-settings_menu.js
- Size
  
  25KB
- MD5
  
  166c7e84995912257a199a89e7446f64
- SHA1
  
  ed786e693558ac648736237f31ffecd785708b16
- SHA256
  
  55bd8b6bfb7aa6255bd758ce656fc7133d5491635e32f3e22bfea6ab15a36b91
- SHA512
  
  b7efdced9fbaacc1f9ce4fdd147eb6c072f3a92eb70e8996f42a1e7784fec6cfee4f04d30d6fcf1aad8907a9f743ac7d39a174af2331497d5c8fbcb176c9177c
- SSDEEP
  
  384:ozeKcUnzT9VcsrkiR0O42gk3UruOVD4FgLvg39wTN7ZrosesnRRDlZTQnjuCnLjL:o6KxnSkGg3mJ5nZTQaALjL
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Synapse C/Ace/ace/ext-spellcheck.js
- Size
  
  2KB
- MD5
  
  99f6856221e85bcb6f63b41a0efa483d
- SHA1
  
  470dca456022982d3c94628fffa060cbc08c0d6f
- SHA256
  
  44db4bb8f75e05957937227bf056a8969ad7411c410f56a6bcad1fcabc71df44
- SHA512
  
  4a2b9586af8e4f0f8b3653058f876e01bf69ae9c629bb86774bd0ad3c8299903412b4ffc3c47cb4ce0f0dc71f7bca442f0e8ef32cf7c154a39fe71059087dbfd
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32