General

  • Target

    31c061c83666b251d96b66caf93b422948e3dfad205d1843dacfbd4ef8a21936

  • Size

    235KB

  • Sample

    241111-ztk9bswfjp

  • MD5

    87dd9769f8dac6c5c8f6fb8cd36ba1db

  • SHA1

    7cb356796d88dfa8e6a64b5fbcdd98ae6766a736

  • SHA256

    31c061c83666b251d96b66caf93b422948e3dfad205d1843dacfbd4ef8a21936

  • SHA512

    e14aad1acaea634a10c85137a6a5dd67de43837286474aa37088149e92c0c7090716e62414a8b212632d64e9d9a6bc5c070635ea935d7acd351b3ac1653f48a4

  • SSDEEP

    6144:TloZM+rIkd8g+EtXHkv/iD4P4x+NbYMTiqL9Y0he/b8e1msi:RoZtL+EP8P4x+NbYMTiqL9Y0hom

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1248609655085600899/MrVb417QU8fZjEwKLKWE-bla86Obi_ti4F47WjczwzoZrfqpbF7LuwEYH1uRaX20wU5q

Targets

    • Target

      31c061c83666b251d96b66caf93b422948e3dfad205d1843dacfbd4ef8a21936

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
