umbral | a636e320333aa10ae6dfc2a18feedb06ca11fff33fbdcf4c6d535422275c8149 | Triage

Sharing

General

Target

stub.bat
Size

257KB
Sample

241018-vq7kyazhlk
MD5

192df095e220a68594056863421831b0
SHA1

331e2fa042bdfe106939ef51aed189bcacc56779
SHA256

a636e320333aa10ae6dfc2a18feedb06ca11fff33fbdcf4c6d535422275c8149
SHA512

ef1f5d579324ae2e5629ac22d7c5d15d022c5455e93da8ac727da4d3aae4b9c17e0edcad2e6fe2b63a06f88dffbfd8df27db7fef287f26d41418b452eb221378
SSDEEP

3072:MgIX3vJ9uIgVvEcPPJ2WeutPPYd0V6764o2CHZhPM8Kci/rm:MgYv3gVvvp2mISg78HTMx/rm

Score

10^/10

umbral execution stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1296881939680067706/okFqaYEnuvQco166VZj_g8SUGXfI3gHhci3ydc2yt4jOftBorAOa8oTp8XqfdvrJdaQ4

Targets

- Target
  
  stub.bat
- Size
  
  257KB
- MD5
  
  192df095e220a68594056863421831b0
- SHA1
  
  331e2fa042bdfe106939ef51aed189bcacc56779
- SHA256
  
  a636e320333aa10ae6dfc2a18feedb06ca11fff33fbdcf4c6d535422275c8149
- SHA512
  
  ef1f5d579324ae2e5629ac22d7c5d15d022c5455e93da8ac727da4d3aae4b9c17e0edcad2e6fe2b63a06f88dffbfd8df27db7fef287f26d41418b452eb221378
- SSDEEP
  
  3072:MgIX3vJ9uIgVvEcPPJ2WeutPPYd0V6764o2CHZhPM8Kci/rm:MgYv3gVvvp2mISg78HTMx/rm
Score

10^/10

execution umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Deletes itself
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

umbralexecutionstealer