umbral | 9ff459396b1f4de8dbca8a866ff3b9e4a46c48a9dc1071812a256fe21349caf9 | Triage

Submit
Reports

Overview

overview

Static

static

Big clean script.exe

windows7-x64

Big clean script.exe

windows10-2004-x64

Sharing

General

Target

Big clean script.exe
Size

230KB
Sample

241102-el1zlazqgn
MD5

b23d20593d9176d95302568243f60052
SHA1

fef1aa01b7a41a8255d71309c7c5badf48a7a907
SHA256

9ff459396b1f4de8dbca8a866ff3b9e4a46c48a9dc1071812a256fe21349caf9
SHA512

13a9f86ca7b7df87b4174875fb3d7a7552986a6484297c841037b054d3bf01eab724f3b080f9f1984cc58912e0a50953f5d1e2355dca1cc5366eca4870400d3e
SSDEEP

6144:lloZM+rIkd8g+EtXHkv/iD4M8RobhS6FDAxDeebSzb8e1muQTSi:noZtL+EP8M8RobhS6FDAxDeebIHQz

Score

10^/10

umbral discovery stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Big clean script.exe

Resource

win7-20240903-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Big clean script.exe

Resource

win10v2004-20241007-en

umbral discovery stealer

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1302116602875084831/RE8pHwBeqQmHy6u-JA3iB9wwWRonk7COiIOdHg2mG5gZayOKih7L2v3Q-Z8wvo8zCH11

Targets

- Target
  
  Big clean script.exe
- Size
  
  230KB
- MD5
  
  b23d20593d9176d95302568243f60052
- SHA1
  
  fef1aa01b7a41a8255d71309c7c5badf48a7a907
- SHA256
  
  9ff459396b1f4de8dbca8a866ff3b9e4a46c48a9dc1071812a256fe21349caf9
- SHA512
  
  13a9f86ca7b7df87b4174875fb3d7a7552986a6484297c841037b054d3bf01eab724f3b080f9f1984cc58912e0a50953f5d1e2355dca1cc5366eca4870400d3e
- SSDEEP
  
  6144:lloZM+rIkd8g+EtXHkv/iD4M8RobhS6FDAxDeebSzb8e1muQTSi:noZtL+EP8M8RobhS6FDAxDeebIHQz
Score

10^/10

umbral stealer discovery
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

umbraldiscoverystealer

© 2018-2024

Terms | Privacy