Resubmissions

18-10-2024 16:40

241018-t6hfbayhkl 10

18-10-2024 16:37

241018-t422yaygnm 10

General

  • Target

    Umbral.bin.exe.zip

  • Size

    94KB

  • Sample

    241018-t422yaygnm

  • MD5

    ae322f488885d2273b3bd43caec90f8a

  • SHA1

    dd2f4301dd681e87736cb29ba529e02c58239fa1

  • SHA256

    3eab204e57a51e54418bb1b51a2bfff7ba4b0478ee1625dbc9f49681af9812a4

  • SHA512

    2df4b92fe93438df1af53ca08978f36fa705c24c05dd380f808f0a4cf630c90d989880631a569f4ab52fcb919fda20e1645a9f42220dd2bf880d3236fb816b50

  • SSDEEP

    1536:2P1k+P1H3psV9p21kQ4kGFjQiN1EqcsOMiSoobzme9KCpTPWwLHWWmjPtGioJ44T:2Pq+Ptps01kr1gqFmbCUw7WWAs

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1292553414680514621/qkfR1ob7Kv4fi78hXnWXivlpIWfUCKlh6JX0apuJc9KpTbIjTqbRXxI0p4FJkCT5lWk5

Targets

    • Target

      Umbral.bin.exe.bin

    • Size

      232KB

    • MD5

      1377d5688f3780885e77a0ec534be5b7

    • SHA1

      91628df86ab2fdf204781d970d0635103a01aa1d

    • SHA256

      f925d39bf8715d44d8558e287076c2783318767b3dda49715147cb38a762c5a2

    • SHA512

      b4fb4e7d708fc1167d193e44ce8b44187e2ac69b8bfa522f7b2e8d9871eebefc6b60e9521aa7e444c3c21b986112b4c2f91ced78d2a9b2bc79b569817c4564c2

    • SSDEEP

      6144:KloZM+rIkd8g+EtXHkv/iD4/fvrsyVtGDTOMdWDjo+b8e1mNoi:0oZtL+EP8/fvrsyVtGDTOMdWDvQ

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks