General

  • Target

    Umbral.exe

  • Size

    495KB

  • Sample

    241029-mtgjxstlas

  • MD5

    582bc7b05114af523db760bc2380ec80

  • SHA1

    54b26ee9d7cd0f922d5e851696099c4b6fa849f2

  • SHA256

    751dee488d8148db816da1f2326e37e579c116f76e4f8cdf21a25d1f85e74ffe

  • SHA512

    9643b236e15cb9364a1e9cdd322d16d101a9ee804f958565c95037e18fae94d687c2c0c6e7cb776b00aac55e052ef1decce46189b35ffdce8dca74f910b39777

  • SSDEEP

    6144:vloZM+rIkd8g+EtXHkv/iD4zyPvRDAmB5KW/Cwhl0zjb8e1m0iDc:NoZtL+EP8zyPvRDAmB5KW/Cwhl076

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1300771808978665563/EvKrgWbAK7yHUuWxSc5FEsBgobFenskn3viAqiBdAAnSaFNWdP4H4VihPWTesZ6FKRkC

Targets

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks