Extracted

• • Target

    Umbra1.exe

  • Size

    227KB

  • MD5

    e05f912c51e4a9928935a2738eab71fb

  • SHA1

    d200445ad98692386f1980466139533e8e63903c

  • SHA256

    f1957d71c46891f4531175340ff6d01cfab6ec22f17bec699bfa0c803c0964dc

  • SHA512

    35bb91dd64598ddf2c839097b398c1aa685b82abf60781fc1684d26490c096c3adc3f6cfa4f56be4d2a5aa6ac987acd369626072735d0e16185f55dfc53163e7

  • SSDEEP

    6144:eloZM+rIkd8g+EtXHkv/iD4A0CoNbYMTUqL9Y0hIVb8e1m7i:IoZtL+EP8A0CoNbYMTUqL9Y0hYx

  Score

  10^/10

  umbralstealer

  • Detect Umbral payload

  • Umbral

    Umbral stealer is an opensource moduler stealer written in C#.

    stealerumbral

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2