umbral | 6f806a1b18c89c3a482ccfb2b525eae695e9ad7c533b4c503aa1c7f3c29fc71b | Triage

Submit
Reports

Overview

overview

Static

static

Bunifu.Licensing.dll

windows7-x64

1

Bunifu.Licensing.dll

windows10-2004-x64

1

CODEMCFA.exe

windows7-x64

CODEMCFA.exe

windows10-2004-x64

Sharing

General

Target

MCFACODEGEN.rar
Size

1.2MB
Sample

241025-nyfnvszcrn
MD5

69e5611ea942cd21a757560655ccacf2
SHA1

0d2ad44df6dff58c89a6a9c3e6373c99e3b81bfa
SHA256

6f806a1b18c89c3a482ccfb2b525eae695e9ad7c533b4c503aa1c7f3c29fc71b
SHA512

51df06538b27c790fe900feff39a226238bec681311eed9ad1e40067010e2496da174f4b8bb91b89ecc96fd614977d94eb3971e9a8d422d19367d8df35168be3
SSDEEP

24576:NJYoATtIVUnKlWRgMe4xsebNjWjYckZUb1bD+G5A3vIcHP6qAG2eGs1Gb:PA5SUnmThzebNJZUbhKG5iAcv6qAGBy

Score

10^/10

umbral agilenet stealer

Static task

static1

agilenet umbral

4 signatures

Behavioral task

behavioral1

Sample

Bunifu.Licensing.dll

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Bunifu.Licensing.dll

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

CODEMCFA.exe

Resource

win7-20241010-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral4

Sample

CODEMCFA.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1298608602063437835/JyCfJN4kOZTYSMy3p7C0nzjwBZVeXN-s99bZmxGmhCwtA9ugQjsNEeKH7DXCeDl2AAko

Targets

- Target
  
  Bunifu.Licensing.dll
- Size
  
  1.3MB
- MD5
  
  2b2740e0c34a46de31cf9da8a75d77cf
- SHA1
  
  242324f1112e6387cda41686291b6e9a415eeb8c
- SHA256
  
  a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43
- SHA512
  
  605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40
- SSDEEP
  
  24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX
Score

1^/10
behavioral1 behavioral2
- Target
  
  CODEMCFA.exe
- Size
  
  231KB
- MD5
  
  9503a8b58a6162341186e7376beed76f
- SHA1
  
  1076edc775b7a770b4908ff8a961d6db50489ca0
- SHA256
  
  149e3d957ea166e513bfdf2152403b27e75ae5fe110bae79b2104fdab6f8f6b3
- SHA512
  
  f2f19b80e2d369c49d9dcc25fda842c28b31baca6f78528c2074591251a947e55978173ffc72f341fbb0959219470080ad59f2f7868661d903494a308e3a1f96
- SSDEEP
  
  6144:RloZM+rIkd8g+EtXHkv/iD48xntPlO2ZTc1niinND1b8e1mXKDi:joZtL+EP88xntPlO2ZTc1niinNZI5
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

© 2018-2024

Terms | Privacy