General

  • Target

    Umbral.Stealer (2).zip

  • Size

    3.3MB

  • Sample

    241102-f1pesaxqbx

  • MD5

    f355889db3ff6bae624f80f41a52e619

  • SHA1

    47f7916272a81d313e70808270c3c351207b890f

  • SHA256

    8e95865efd39220dfc4abebc27141d9eae288a11981e43f09cbee6bf90347fe0

  • SHA512

    bff7636f6cc0fadfd6f027e2ebda9e80fd5c64d551b2c666929b2d990509af73b082d739f14bb1497be292eafe703ebd5d7188493e2cc34b73d249fe901820eb

  • SSDEEP

    98304:XINn7mVoLvbDU48xzliDSjtYV2jg0tsGTplmOhl88uF:mjLvvD8BcSjtAB0zplNl8Z

Malware Config

Targets

    • Target

      Bunifu.Licensing.dll

    • Size

      1.3MB

    • MD5

      2b2740e0c34a46de31cf9da8a75d77cf

    • SHA1

      242324f1112e6387cda41686291b6e9a415eeb8c

    • SHA256

      a9be91cae167702885a5ca74273db779e3e391e2e604cc03779ed403c53ebe43

    • SHA512

      605eb300b159e6ed2ee872b6ee378eed7dde6541000221fcd94d52057be91cb3c7dd65c7203f05e0718303b157b6fb941498b5e653501f97f0417d459da6bc40

    • SSDEEP

      24576:ebkurkdR5uuMeiPUf2lHmdpjrcbYdwcqMw5LTvBrq/WGs1xGUfGUCco:a1roD9MeiUDDjrW4bqD5LDBrqWG0GUfX

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.1.5.3.dll

    • Size

      342KB

    • MD5

      41c216d27c71a227774e680e95e99f31

    • SHA1

      0a2a93d4ecbf4bbec2faf110066c6b4472b0dbf5

    • SHA256

      012d717b4ac00c3686a772757f49c1908e223624e3974314cdb9fc9291073305

    • SHA512

      e355ba11e41b668e4459f709e87c3e212c8986ea894791d9155791ea9d7315372fb51531eb69204ed2ee38e242de7629e4a2f090c05bf9deeea9ea965ffaf651

    • SSDEEP

      6144:3e5XJsDZGUbIf5kqw23B1Q8g2iYcHIc6uWXMIFidNw:qMZGUbIf5T37Q8ncHNAMhNw

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuButton.dll

    • Size

      107KB

    • MD5

      21f999e5ac72a16077511d41590822de

    • SHA1

      d8bb1a8a291f73cdf2b5658b2b65736c87db19dd

    • SHA256

      2a62c78f1f0db2e3258135b50f7885e6734c31c74a8f2f5782f285aa268c2f71

    • SHA512

      e04fe31870f266d772829053a6bb210a9513ff5c8c0f9a3a267ddbe1875125496caa602baf44a4e241ef84d933bd55b79af43d5871ed10c81711adecee78b8e3

    • SSDEEP

      3072:tgiMibnDED3/7f2ih0xdGzFpzUHgmCFKHUUZP0tTwmnkyY:xDDED3/7f2ih0xdGzFpzUHgmCFKHvF0e

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuCheckBox.dll

    • Size

      102KB

    • MD5

      ef11f59a9381df17d7ab94434f79f260

    • SHA1

      ec11e46a636fe3927fd5fa7c30be65b958853ef0

    • SHA256

      390252aeb6fd76a954a03853c3d883e0360dc8b3f2cf8cfed5ba94e4e5a24da4

    • SHA512

      612b1b0f9204c605ff5e9b91816e674cdaea71fa69f81a5a7f475bf1cc8d5e12687deb1b0118b07b3d7e4764adede0576f8fc799f8155a65a70e5dafff50f73d

    • SSDEEP

      1536:JiQsfF22IDMxiQ9MOWnce1Cua4JfhwuKeWbZ6YlX52o3tWQFeOvTT:JifF22IoxChnv1CuhW1xCwdeOvX

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuCircleProgress.dll

    • Size

      77KB

    • MD5

      bc930a050ca23ea75dbd9deade4189bb

    • SHA1

      e6878d381ac1c37c331fd01a25b2ec508e1c1a21

    • SHA256

      d5ed95667aa44a80278b80a90413c0de9d85eeb3ca1fa24a40ae71c3ad88d837

    • SHA512

      20e2bb3661d2817082c2aa01381b5aee8582fea5fc54be486de5b1e48f302a15779ebe5670221774a5a4d031248b342f3c86084de4f023c197cd210857fb3ff3

    • SSDEEP

      768:A8ioretsy7GQLZvAQFe1zbnprSBaqII0OsWjc1B5Nl4WfWQAz6uJi8B4dgUp2hQf:JixnZYQFe722Wj8l4oL+6uJ/BZ4ZTz

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Bunifu.UI.WinForms.BunifuColorTransition.dll

    • Size

      38KB

    • MD5

      539d803013c0b1592d0e17a740d72687

    • SHA1

      b0ce15e0f096d027b1d1482afa9d93bafd160f7a

    • SHA256

      500adece1fba76dfb2fa628de9886a2661ed1a4e58a7717a5fee607206bb1d81

    • SHA512

      77d8ab7a949db41a79371cf2ebd5d67bd4a38dd040de0073c878f50b2a6409fae2dc5db7cbf375fbc1bc571838b0a6d4848bdecc1420d91633b878585c94b9dd

    • SSDEEP

      768:2SfWaEnnh2U2DaRIx0qVuQ/90iAzNIewCqyU659bTTvtM/3JhQTifZs:cs0qVb/95+6ewCqyZ9bfvk0TWZs

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuDataGridView.dll

    • Size

      83KB

    • MD5

      53765ad5b31fd87986a569bbb79f402c

    • SHA1

      75c7ec63458c79ded533d1d4175de4117036adae

    • SHA256

      9e61bd6dbcc8d5866bf3a139ea12f453ef4ca8bab28c08329cbc5f0bf13950df

    • SHA512

      ea129aab13b09e817be6210bc423bcf4e024c83a5a0340941e7658d4dd0ef6f3b40077527f7d168849ad947650a00d360fa6a5f64c4a8f14dfe72cd4d34469d3

    • SSDEEP

      1536:YNBBIrOTrgVCuiPwacJigM8H+duT0R0xSJQ9FTiIb8EtTG:YNBoGgsPiJfedkvu/IFtC

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuDatePicker.dll

    • Size

      50KB

    • MD5

      a05882bac172c61b5b1bd3f4a56b4320

    • SHA1

      9a725973aa498472c253382ff8d766a5d3a41697

    • SHA256

      3c1ac3e39665e49327b64887131a53c63379de884b3a6f9a0ab96a36e882ceb7

    • SHA512

      a503f5cd0211b123618ecaff83a7930a6b547a1afaad1b93cc5e60bc859e255585a8a94832747422de139f2fe6451b2fcf46b31bac20e12ce60f97983e1af493

    • SSDEEP

      768:KMzEetGON+bjRFOchYvP0pbwk4LAzn21AXrpKXyvcgq8/i7l5THL8ZFxIZYzUebj:HsONqjRFO2ZxXpHraUNaT0

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuDropdown.dll

    • Size

      50KB

    • MD5

      5bc3c478e3c44caf765c6e998dc621f0

    • SHA1

      8cd06d3ec991ae3d5c0d935ea03fd7c06d504d53

    • SHA256

      f746eef49caaf23939999a89c86787e6d1f4e4c16f667bcfebcaeacb5276e0c8

    • SHA512

      3990c0a716e2e0619cd969d75666cacf695b6d40a118ead8a810997a594b558250e4a661e303f383f58bc52cac90e84a2049a50a1295f762b2bdbdb8661c33f0

    • SSDEEP

      768:WxidV98e5TsEQgzWC/Vzv/8vWvLMFZhjd5hQTi7q:Y3ehsEQAWQHgW4Zhx0TN

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuFormDock.dll

    • Size

      102KB

    • MD5

      fff8d46f94011c5bfa4bc1d1fbde3eaa

    • SHA1

      c5e978eb89e9646423c3b2a1d7d2651cdbee90f0

    • SHA256

      f8052b4641fea785ef643bc06d0e5383555c0845bbe695099bc41ab09a180ef6

    • SHA512

      61af0253c05bd33d43d34799eb74d97ae9e3e700281273895026d690f39e3de97034ee51511284a4b6a4150d31977f7ac6fbf4047aa19825564a15eae8be079a

    • SSDEEP

      3072:wVypYUOJdOb8UD8m1PxGFXflE2BHjvZKDq6CN:wVypYUSXdbBjvZKDq1N

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuGauge.dll

    • Size

      74KB

    • MD5

      161768e00f22118c66a84d22e658b008

    • SHA1

      7645e52d1aeac19169c8cd1b411200ee808295b8

    • SHA256

      0edc3396eb94c33fca4889c5a379e29aed354469957ee55893f565d8f824cacc

    • SHA512

      cfcbc3e642f6f9cf904b993a6112e2304055cd88e9bbe2d818842d4e93a5f71ff6a09f8d36c6a64de8701435cabbddbff765307f8c110dcb5bb14d805aeb3422

    • SSDEEP

      768:POPW1cKm3/WnwISrek0JCPRjNEp5lW1T31fNEDqz6Zi6EgmaFLGiLjyQXAhQTiQb:PUZewEQRSXlEaDA6w3g7wi3yWLTbb

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuGradientPanel.dll

    • Size

      60KB

    • MD5

      58be3fb2879bf2614b7854b0e184521a

    • SHA1

      fbdce08394b1d11a961c0684d5c0013507dff9e5

    • SHA256

      6811dc0f98d2ce9816475207badd010564b7be460f48b8480664f9184824ce5f

    • SHA512

      a5635f09a943e0dd969b648ab7d929ba16d734ebc13f96ebde95d1a5cd91e14ba1b2e105c7414816f3d535bbe2be4ad861a16e25d84c2d12dd025898f3743b0d

    • SSDEEP

      1536:FpoDvSiiUiiJiiJiiYiKbfbD7v055J6O5v2wunCT6:aSiiUiiJiiJiiYiKbz+bB0Ce

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuGroupBox.dll

    • Size

      46KB

    • MD5

      e86aafa7c25a2f1654cf95657cacc39c

    • SHA1

      c9ab7d835b24b294309abed83efff4cdf102906b

    • SHA256

      637b5cac86e245c53af91e41e6479de42df1b5fa5a524f931e034f5b5ee1f259

    • SHA512

      8b043a2434681773c6e3d8e73fde70fbb666f57a30f5e3514634ccf5c714979fa89769fc54e3e01fba91c5ac916db44054fdd2a65b4a6c35869b695b8696d96a

    • SSDEEP

      768:jODM3ey49Uo613D9ddld3LTeBNsRfMzIz6FzHGptXZEchQTits:jODM3eySWd3/jRam6FzHG2HT6s

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuImageButton.dll

    • Size

      155KB

    • MD5

      7d68b8af58c87ee29eca74fe8ef2f093

    • SHA1

      16e8d2004d2c3a71a8dcb6983b72537079ccfd3b

    • SHA256

      32b8eb2fae4a14e8319448cd173b73a8e63234b3816d6407ef95be204cec226d

    • SHA512

      6c3f90e7596e0a73cc5da77b92b2d4ed248e49aba2c0c299be4400b8841782415820a44bcca1635a224edc90444559ed14de7dc23fbb7133c0bd86fe93ecd236

    • SSDEEP

      3072:28cu9fbsLqRKynlLWwUGR3BKRqbpqtqzh4E6jt/:zfbsFulLASYqddzcZ/

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuLabel.dll

    • Size

      420KB

    • MD5

      73ca0338c9c3b7901d3621b346c76a7a

    • SHA1

      79d26ee6e1bf0beb2ee0593562592de8ff01935b

    • SHA256

      a505193910f7b8fd6123c00bb437bff3d2a4f28c970e24207d395554765e6ad4

    • SHA512

      53e0b84dffbec8e465955bc91f1207ba56a55543ba3c00c66997b3ee3d4cb904e027915a12f7a9dc79ffef4cde633c9b7543436c4ab97785ca2169bc3d4aeede

    • SSDEEP

      6144:IMiEH8iZBKX+7haZYjw1MLZRD0fxrmfD4DJL5f:IMNhZjwKLDCVf5f

    Score
    1/10
    • Target

      Bunifu.UI.WinForms.BunifuPages.dll

    • Size

      95KB

    • MD5

      170b18df5b12f1eb01c2de4a03e1a043

    • SHA1

      2fa3dde71cd17bc2a9fbe8dc05f5e50c94f6cb16

    • SHA256

      633c77cbd4074c428a593e9c9769926ecfd484b40305062c6c268edb1fac44ff

    • SHA512

      8af0aac446d8efbd0b6cfa58093e21b1201e03057df42d922215237adeebee7d5fc9096d526761424092c2131ae3e0ba9696cf2b51b3aff4f91f0e1902b1b053

    • SSDEEP

      1536:QbEFvWVvz9NOLQ1p7eCweuT2CWvlcHF/BmEwMDc2xgAPWTUh:bvmZkLQ/wLT2LcHZBiMVxgAPWwh

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

agilenet umbral
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

umbral discovery stealer
Score
10/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10