umbral | e8857644b82de029a1405a44af687c1fe56b84321dfafa46ebeaefde2c6cc6d2 | Triage

Submit
Reports

Overview

overview

Static

static

Umbral.exe

windows10-2004-x64

Umbral.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Umbral.exe
Size

231KB
Sample

241024-ykkqrssbnp
MD5

2a34868cee558d4409d8fc0ba7739862
SHA1

ce4ff55f6ff82fec5828fb46216b9932541c03f6
SHA256

e8857644b82de029a1405a44af687c1fe56b84321dfafa46ebeaefde2c6cc6d2
SHA512

bb2b020fbb87ffe5f97382aacc3350517c7a65344f84ac06b3323e3590dc0a210eebdddd3bc3c74a099217488f0d836a1ffcb80fa23f60937b916429c7d383ab
SSDEEP

6144:RloZM+rIkd8g+EtXHkv/iD4jHwtxds8e1mCi:joZtL+EP8rAx0U

Score

10^/10

umbral stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Umbral.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

Umbral.exe

Resource

win10ltsc2021-20241023-en

windows10-ltsc 2021-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1289644617658011658/iTZE0Rs-278UzjXUjBqtfginmwRUmKFURSWNdKdC5d3CwSQGaWDqt3bbixrvwxBNRTWQ

Targets

- Target
  
  Umbral.exe
- Size
  
  231KB
- MD5
  
  2a34868cee558d4409d8fc0ba7739862
- SHA1
  
  ce4ff55f6ff82fec5828fb46216b9932541c03f6
- SHA256
  
  e8857644b82de029a1405a44af687c1fe56b84321dfafa46ebeaefde2c6cc6d2
- SHA512
  
  bb2b020fbb87ffe5f97382aacc3350517c7a65344f84ac06b3323e3590dc0a210eebdddd3bc3c74a099217488f0d836a1ffcb80fa23f60937b916429c7d383ab
- SSDEEP
  
  6144:RloZM+rIkd8g+EtXHkv/iD4jHwtxds8e1mCi:joZtL+EP8rAx0U
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy