umbral

General

Target

Hypnox TB V1.2.exe
Size

239KB
Sample

241101-xxf3nswjcn
MD5

f998146f650224b7a945c998246c79ca
SHA1

9ab4507aaf84093985febac2d5a28a1f0e00b52e
SHA256

93ce8e3689636df1bf9f269f4e96f0e30f3f7c5848778ad12f82275fd4061f85
SHA512

50a885cf13d60a59b25c3d9a8110feb5ba67b5f2b028b6abe5efac38b27c2ad5be9dd0f345379763b1b034458cebffd63ee4ce33c5a416b6662f004acf4a8224
SSDEEP

6144:rloZMLrIkd8g+EtXHkv/iD4pdeTKInDASZMK7bCQ0b8e1muYZi:poZ0L+EP8pdeTKInDASZMK7bCFjx

Score

10^/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1301023877203492945/qipDBBN580abTipodMZs0CAGX07mE1G1cj1SxxTdczv_B-indLOc15D1v1HAh2NHq6Je

Targets

- Target
  
  Hypnox TB V1.2.exe
- Size
  
  239KB
- MD5
  
  f998146f650224b7a945c998246c79ca
- SHA1
  
  9ab4507aaf84093985febac2d5a28a1f0e00b52e
- SHA256
  
  93ce8e3689636df1bf9f269f4e96f0e30f3f7c5848778ad12f82275fd4061f85
- SHA512
  
  50a885cf13d60a59b25c3d9a8110feb5ba67b5f2b028b6abe5efac38b27c2ad5be9dd0f345379763b1b034458cebffd63ee4ce33c5a416b6662f004acf4a8224
- SSDEEP
  
  6144:rloZMLrIkd8g+EtXHkv/iD4pdeTKInDASZMK7bCQ0b8e1muYZi:poZ0L+EP8pdeTKInDASZMK7bCFjx
Score

10^/10

umbral discovery stealer upx
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Umbral payload

Umbral family

Looks up external IP address via web service

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2