umbral

Sharing

Copy URL

Twitter E-mail

General

Target

Primordial.rar
Size

8.3MB
Sample

241015-apllvsxgpq
MD5

4b72de5e5992c017f84249687adf30cd
SHA1

119b83b4c112e3d47ac203e93b9340cdb7bd584a
SHA256

3a2b81f84a4ed157b1a059be3046930972ee8480be3b67ebf15e9bbc941cf883
SHA512

5aab0a9a77818f773eae775433dbaf95deb289364f2693ea5f95ec261fcf2c28f08b264a778c84c5ec2b3539e176a34837e214bd4fab570785a6b7c783e225d3
SSDEEP

196608:4YumurC26vuvF84Q1U7dR9D0CY73LVkaG9vXsnuji1D:4Yumu184TdRnY73nUnji1D

Score

10^/10

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1270399724431867935/HjClfkOVqhZa8ElKgkYuPRyoXVGf7yB2AqieOsUFaDEyif-Oe__Dw5TFjFKt_Mc4n-Dr

Targets

- Target
  
  Primordial/FIX/fix.bat
- Size
  
  474KB
- MD5
  
  453f264a24e831c2c6538150c905e4e5
- SHA1
  
  f9c2d388178287057e3f7fdcfc9328a79ce8f9ba
- SHA256
  
  0dbc58a5bf9747256d2f3013ed8e4df48157f62853c289b006e426a61a02d76f
- SHA512
  
  3f1fa79c3415b796fb7fdef47c740fd7ba31bb02a800b7f8e68da5688f7240f5be54e6a5e19f8d72433edd74943c11cef93494752e5e584958af9cac5423b889
- SSDEEP
  
  3072:zEhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhd:a
Score

1^/10
behavioral1
- Target
  
  Primordial/FIX/libEGL.dll
- Size
  
  65KB
- MD5
  
  fe276543cc6ae9c25f58d95d839293f5
- SHA1
  
  4bfea57b0a1393320f1ff4891c990f34a9b27b41
- SHA256
  
  fbdf9675b1ff7e32c8026bfaab2534b9b0302ae3773df24aefa2290915469f2f
- SHA512
  
  b56fe47fd4a7ba2c211fa9518a33af0ba6943082e00de89c596e59a0111c77742e9e0b8113552bc89ae50d29dee6aaa2cdecdfe82443b3bf5c52327e1b2212b2
- SSDEEP
  
  768:x+Ne8iE6s4sgTQ+3lIcXOQPXefmJ+63mzVVx:FbsgE+IixPXhZWh/
Score

3^/10

discovery
behavioral2
- Target
  
  Primordial/FIX/libGLESv2.dll
- Size
  
  7.6MB
- MD5
  
  a536c452920e0d95c5cd8cd187ca3e65
- SHA1
  
  c33974d8def318317615f9714ee175e0dbd80661
- SHA256
  
  68d56f1681840e5f87e1b06c47a82887d9a147dcfc8de9c1f9a778f3370014de
- SHA512
  
  959c81d2ce72b498aecc96f07666461c6b59f4e0c6113b5118b5e1cd727e8e9370a29a07595516066b83b70c43e4d1ac62b87545ec708019aceee3b7e3657258
- SSDEEP
  
  98304:5nlbXzhGP2sAjc8pjCT1VNpv0RCw+MGIuRStSVoYewueeNygIc73ECclRI:5nlLzhGP2sg75CpVNpv0RCAuRStSVEz
Score

3^/10

discovery
behavioral3
- Target
  
  Primordial/FIX/libQt-Secret.dll
- Size
  
  133KB
- MD5
  
  541a05b1e93cf3a31212396f9e48d1f4
- SHA1
  
  e541efb4ada116b865984a368c5e3079fc937c2f
- SHA256
  
  d4cdacdfcc3e0a470b94301c34b60255939a65d85d00cba0501f8e946cf536f5
- SHA512
  
  602a27f3bbbf0219b7a01898142c3d4668770b2587e2d8c69f78445140aa00e3f1fe4de510a4327bfafaaa5895a8fcf5d272e54d3ba88e01086fc91a6183d78c
- SSDEEP
  
  3072:uAoJmzwVIJ5NXsEq3JbjOhCp3LDu74WXhtnyOmEVHdKtZKV4Yb:wJmsVIJ51BuJUOY4QhtnyOmWKtZaVb
Score

3^/10

discovery
behavioral4
- Target
  
  Primordial/FIX/libQtBigint.dll
- Size
  
  221KB
- MD5
  
  cbd5ae124116da67c4ff2097ff5b7fc6
- SHA1
  
  5103145253df13ec3edb478b3f8ce7a8fdf00b0a
- SHA256
  
  179efc80482aafd0192ff81bda027c88e2ff588e43647848d41d1c7e08aace81
- SHA512
  
  60165e374dc68157061a753bd5ca477ffc68a429d5e36c138c759c508abe3a2af39ecea5a5f3934b4923a40d3249b88f82acbc179af65024228483ce31186b47
- SSDEEP
  
  3072:NOS2wj83gYANqMW0JTB5ilycV3SXR3Z96htnybqN2z:v2wjOgcQ95itV3kShtnybH
Score

3^/10

discovery
behavioral5
- Target
  
  Primordial/FIX/libcrypto-1_1.dll
- Size
  
  3.1MB
- MD5
  
  1d55d0e2e2c49735cecccd74f1a1f191
- SHA1
  
  7aab52cc45bb10d94fae0b2f1d56749a082990c6
- SHA256
  
  0f9db024a8c6e4258504447495ce1c503c0745d45c7f3b1ac209636dcc859bdf
- SHA512
  
  2e11f8d03dc27b0c0b5b27ef64121b0813fccedfb7b802c34884a6cd1a168818b781778e98d8eaf6742e1feb87d832d794e979a41c58c7a33a740a5ba149d48e
- SSDEEP
  
  98304:d9swSdezDZf6DvZodgYKNR0BwSJFetd8A9BHZbtU5fupK81CPwDv3uFfJsp92KlJ:d9eGDB6DvOdvKNR0hTetd8AbHttUxC5r
Score

3^/10

discovery
behavioral6
- Target
  
  Primordial/FIX/libeay32.dll
- Size
  
  2.2MB
- MD5
  
  e22b2e3d650c33c9197f985b7516da70
- SHA1
  
  87fe823dfd9a2ed7596cbfe249318c17e095aeb1
- SHA256
  
  2270871989e6c90df07b3e4630b4c4b6dd0e33e2a23ba3c52a7ff7bc3553304e
- SHA512
  
  84c9ca6f4dd73fb1f426671f937ab0e0210dce0bfb0e48fbb8e0305d31aca97d762a6b462c8daef5092d27b612fd7bfc7a6e3664995eee2ece25598dd3b48af8
- SSDEEP
  
  49152:h/O+JXTGl7CsCgvt/FOdufMgKz0/0Nqwvls9Uf:h/O+JXTGl7CsCgvt/FgufMgKRNqfUf
Score

3^/10

discovery
behavioral7
- Target
  
  Primordial/FIX/libgcc_s_dw2-1.dll
- Size
  
  113KB
- MD5
  
  9aec524b616618b0d3d00b27b6f51da1
- SHA1
  
  64264300801a353db324d11738ffed876550e1d3
- SHA256
  
  59a466f77584438fc3abc0f43edc0fc99d41851726827a008841f05cfe12da7e
- SHA512
  
  0648a26940e8f4aad73b05ad53e43316dd688e5d55e293cce88267b2b8744412be2e0d507dadad830776bf715bcd819f00f5d1f7ac1c5f1c4f682fb7457a20d0
- SSDEEP
  
  3072:nti6N0WeF35Ro7hAWP6cagLSuf6LG3qSbKE4M:ti6N2F33wGJVuHuE
Score

3^/10

discovery
behavioral8
- Target
  
  Primordial/FIX/libgcc_s_seh-1.dll
- Size
  
  72KB
- MD5
  
  98130c9779c39825dd123029060b8084
- SHA1
  
  57ab9af726692dbb0d2d65ab95f03f1b87e7da3e
- SHA256
  
  479907904acf2836a3e103a192393e98c98cfddc1b4c0b8ff20a442521900c6a
- SHA512
  
  4afbcb353bc4e697005f05ce729d52d14ce0538a0b3fc76044a72725296cd805682cb004630cd20b1d150ddf348f92478b5243dced378cf4720be51b61e117c4
- SSDEEP
  
  1536:LsqqtA41VJOCd1laNO/1ItsBquOTyCGo1Bx:lEVNLUNCXDCP/
Score

1^/10
behavioral9
- Target
  
  Primordial/FIX/libssl-1_1.dll
- Size
  
  924KB
- MD5
  
  8a7d58e6c9c4d25c84dee3c64d027974
- SHA1
  
  3e3c8218cc2cec46b1aa550f126fba564a94c9df
- SHA256
  
  68f64b6d4d77c704d3caee3dd97e8cababd8717f5c764f8d1b919697ddfc7527
- SHA512
  
  b56a532c3d53e7d73d700f9b6dc5e790a78c048e5bb1522fe75dafb1d556a5594d7d07d75dea7ccab6ace7b3644f6a2947dbc6a6acdc3c2ddc7c807a92eea157
- SSDEEP
  
  24576:7UU0ODDlfQixG00OZclDZGXFu1UYaz99v0BAEjYkNN/OknUVQiQG7iiHh7IMwi:Z0V0GwZqAu1UYa7v0BAE8kNN/OknUZQO
Score

3^/10

discovery
behavioral10
- Target
  
  Primordial/FIX/libstdc++-6.dll
- Size
  
  1.5MB
- MD5
  
  051973a1420749e10d007049f15a30ab
- SHA1
  
  27141d4e7847e16f3cedd487dd3f074811556ff1
- SHA256
  
  672458902acead23b1a4dbca8b26e51324e88948196bc30d68703d45547898e8
- SHA512
  
  0f105ba29af981afe3a43e6d789f5df8a501c252d3f46bf730d5c92c98358c6656cbdc7bd7d5a0d4c5357ae0acb1144828358b07cf2b1515512ca9b4d3f047fa
- SSDEEP
  
  24576:tlmzPYgYh5doxJzaaTcXQRL9uy8nHNC4o0v4A:tlG375ynr
Score

3^/10

discovery
behavioral11
- Target
  
  Primordial/FIX/libwinpthread-1.dll
- Size
  
  46KB
- MD5
  
  ed53eee1623a43e9ae174262169f0f2e
- SHA1
  
  4bf7e9fa40878e19d6d7b8277982ed958681af86
- SHA256
  
  0b5532f93126db45689d7e3162cfc6951f78738a182e52712bb2c71980468f23
- SHA512
  
  dce1bc89033313934323e9ad1fd0ef7a525df0fd8f2f7c64b5ca8f5e7780b5526ce9e1fff408f8a00b46f718763d492eae059b7d11d873eea3186e8584dca53c
- SSDEEP
  
  768:rMyQzwaerm97r24H/CcxfOGTwl2kl7pA/SgZ70ROoim3YaZyOZ:rMBTj7wakD7pI1oim3YaZD
Score

3^/10

discovery
behavioral12
- Target
  
  Primordial/FIX/opengl32sw.dll
- Size
  
  15.3MB
- MD5
  
  8b197f55264a44b7b25046f7ba5bd7d2
- SHA1
  
  cef69e168160968e00ffffa136e1af7819e7c0ce
- SHA256
  
  25ae7577e066fa80519a8f1c314b15cdd22e4a8d3ecd2a36eccc79e40714a91d
- SHA512
  
  6af2b1b17a7e3460099359a6750221aacb8f9ce0e80b346dbafd2cbd8e579543b980f98e0aeb199e0781a045c9d6a7f2f11c8628f960c13550328487b7fa9154
- SSDEEP
  
  393216:rNkEXgt/UOdyRLjqkmbBDrta60HYUnuedxO0g//NuPyEMO32ovq:rN1QtXdyRLjqNbBDrta60HYUpO0Q/NuZ
Score

3^/10

discovery
behavioral13
- Target
  
  Primordial/FIX/qtquick2plugin.dll
- Size
  
  55KB
- MD5
  
  bc48935d7fb9d87eed3994024f1071f8
- SHA1
  
  9cea445364aae84a38d3e79b5aabdffd4229a284
- SHA256
  
  6fccb1c95c2198d15d818e640d7849af9215e741ebbaceecfee3f3315f90b0ae
- SHA512
  
  95dc78983ba867883766a3d2a988d56bd9c9a6252e8231e631a294c5a9cee3647862909f0282284d6c5d734d41685b8ca53823538bb23a7549098e5477676720
- SSDEEP
  
  768:7aaJIsYojnA4yZ5BmzDkbhsHGleu9VLDFI+9LgQgaONFemzHQ:7aagobA4yODCh4GleUD6wLgvaONFbLQ
Score

3^/10

discovery
behavioral14
- Target
  
  Primordial/FIX/steamfix.dll
- Size
  
  6.0MB
- MD5
  
  d29cd91c52090f35ebdf9e13b97ba255
- SHA1
  
  4402167e749270b18858fea5979f02759af7e708
- SHA256
  
  d9315b18756a021dfd24722ffa355a1cfa43b3e80ac4c2a6082d37898ca1aed4
- SHA512
  
  ff436f34b2852509e630b552126d88ff58250728102f735849ecc70f53d741778df2e0bbb354238373877b0c3168b0d5bf6b5f3627d33ab86c2176fc9b95db81
- SSDEEP
  
  3:7V:h
Score

1^/10
behavioral15
- Target
  
  Primordial/Primordial.exe
- Size
  
  231KB
- MD5
  
  2a9d5da0bb69d53e1b68178bc63e9390
- SHA1
  
  b1170f7ca36ea613188a272dc8ff8720a586de3a
- SHA256
  
  b575e722311556b67bc4f2ff77470063e5453e8f9952ddcd33afec9bdefc3902
- SHA512
  
  372288f96c8d39cba9529e7c44ce4b083eddf50dc3c3317b7b97c02d07018cdc2e0913da3e8309d548f80d68c95b9dd65e4febd4d7ca3b4d6a8df3360cf6aca3
- SSDEEP
  
  6144:RloZM+rIkd8g+EtXHkv/iD4ZvHYe5xypXKYZd8ZC6lY8e1mGi:joZtL+EP8pHYe5xypXKYZd8dk2
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral16
- Target
  
  Primordial/injector.dll
- Size
  
  225KB
- MD5
  
  346ef6158e0be3250c986f18ed6a3a36
- SHA1
  
  19e2040674ced10cef58d753f1dc42f01736c516
- SHA256
  
  4ef555dff3e077910a0e232a133cdcfcaa9153c0ccf10bd2c9fd9e6b78ad23ef
- SHA512
  
  08f4971fbc76a78f3c2e29bb369736df847c6c02823d77001a1de734a888911995511636d936a0da7c1d3a7743cc4c5146586e6d81f5e17a401bb42534ee14b8
- SSDEEP
  
  768:TddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddH:X
Score

1^/10
behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Umbral payload

Looks up external IP address via web service

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17