umbral | e6f71ac80e3dab87309de89a4840824b680ae897c19bda25a766b216595f30c5 | Triage

Submit
Reports

Overview

overview

Static

static

Fortnite.exe

windows10-ltsc 2021-x64

Fortnite.exe

windows11-21h2-x64

Sharing

General

Target

Fortnite.exe
Size

227KB
Sample

241107-xx7kmaxeld
MD5

9b107d5d9f8df40eb30e3168ebe6f9dd
SHA1

6b61781552e8173e5bc446128b0683e3dde7ad68
SHA256

e6f71ac80e3dab87309de89a4840824b680ae897c19bda25a766b216595f30c5
SHA512

0a504481a0413a3de4d0e6e2a000a2371be46d6896c399b635f8e3ad7b5a777678a82502a2ec02ead689068c1a7ca9ceffddc7ce47607eff405dde9b7eaeb7fc
SSDEEP

6144:eloZM+rIkd8g+EtXHkv/iD45CcwZCl38e1mBi:IoZtL+EP8RNZ

Score

10^/10

umbral stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

Fortnite.exe

Resource

win10ltsc2021-20241023-en

windows10-ltsc 2021-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Fortnite.exe

Resource

win11-20241007-en

windows11-21h2-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1303698745497747511/SnUKC9sR9ycNE1CskwuavqmgNSracYu2d2x4rnwrxYQ91OKqtgLWRDAMJ3OoDH3KnesY

Targets

- Target
  
  Fortnite.exe
- Size
  
  227KB
- MD5
  
  9b107d5d9f8df40eb30e3168ebe6f9dd
- SHA1
  
  6b61781552e8173e5bc446128b0683e3dde7ad68
- SHA256
  
  e6f71ac80e3dab87309de89a4840824b680ae897c19bda25a766b216595f30c5
- SHA512
  
  0a504481a0413a3de4d0e6e2a000a2371be46d6896c399b635f8e3ad7b5a777678a82502a2ec02ead689068c1a7ca9ceffddc7ce47607eff405dde9b7eaeb7fc
- SSDEEP
  
  6144:eloZM+rIkd8g+EtXHkv/iD45CcwZCl38e1mBi:IoZtL+EP8RNZ
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy