General

  • Target

    cmclient.exe

  • Size

    227KB

  • MD5

    2ff5eea0426612b967301396523c9835

  • SHA1

    af092e6d35d0c0c09d07102fb7e4416459b3d056

  • SHA256

    d36f3b379bcafb2f206a5dc18297c0c0fa0fa6afb44f7640da54cd809051b24c

  • SHA512

    d442d98abd61aa7f551e3309028e303c4390ab54bb94149d8bf0022b7faab1d70e40c66875f8d997e2203964dc8213084d50b108e088af5b433dce2c225f7a3c

  • SSDEEP

    6144:+loZM+rIkd8g+EtXHkv/iD46NdMiAfbokxUyzzqZYw8e1m9Qi:ooZtL+EP86NdMiAfbokxUyzzqfWJ

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1281266577064595527/B_5Sh3QVnIz_pnsyGmf0PUMl-kPismq8ChthkRV0DXLIezBCbZG0RnaMiwlvjsEyFy6c

Signatures

  • Detect Umbral payload (1 IoC)
  • Umbral family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • cmclient.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744