umbral | 1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

1a2d5e69f1...4N.exe

windows7-x64

1a2d5e69f1...4N.exe

windows10-2004-x64

Sharing

General

Target

1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4N
Size

5.3MB
Sample

241108-xxhaqsxhrp
MD5

dc21bdd709b0043081f9d593c5eb0950
SHA1

82b88aef7c24f5e4fb94d9cd619b2cf02d49482d
SHA256

1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4
SHA512

b9d0ef3eb6611dc7b7649996da3da0ffcfc7c00af6735342d793acae766b0108ed815fb4d72ae98208e542dc3d704e1c2c3d9f384e3226559becc65ad7a4c5d5
SSDEEP

98304:xivmGMDlsrwXdxIjBy6e5UZpqk8PEYw53:xvGMBpXdxIjByj5QpqfJQ

Score

10^/10

umbral discovery stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4N.exe

Resource

win7-20240903-en

umbral discovery stealer

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4N.exe

Resource

win10v2004-20241007-en

umbral discovery stealer

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Extracted

Family

umbral

C2

https://discordapp.com/api/webhooks/1230529358272135229/UudHK5Ehya0aeui-YfuJN2oPhTPDyLENI0eay6qqi0U07DuiN2SxVvdUuelb3b1HDkUr

Targets

- Target
  
  1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4N
- Size
  
  5.3MB
- MD5
  
  dc21bdd709b0043081f9d593c5eb0950
- SHA1
  
  82b88aef7c24f5e4fb94d9cd619b2cf02d49482d
- SHA256
  
  1a2d5e69f1dbd608bb2630f7c8ae2a07dc2fe5cdec2376319937bf7f62d468a4
- SHA512
  
  b9d0ef3eb6611dc7b7649996da3da0ffcfc7c00af6735342d793acae766b0108ed815fb4d72ae98208e542dc3d704e1c2c3d9f384e3226559becc65ad7a4c5d5
- SSDEEP
  
  98304:xivmGMDlsrwXdxIjBy6e5UZpqk8PEYw53:xvGMBpXdxIjByj5QpqfJQ
Score

10^/10

umbral discovery stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbraldiscoverystealer

behavioral2

umbraldiscoverystealer

© 2018-2024

Terms | Privacy