Behavioral task
behavioral1
Sample
NINJA HEX CRAKED.exe
Resource
win7-20241010-en
General
-
Target
NINJA HEX CRAKED.exe
-
Size
254KB
-
MD5
6a5a18c107110aaa1b251bc168180320
-
SHA1
4ce77f9a2af47610f8f2a254b49ae33f2958ef08
-
SHA256
404ccd4c5dae49ea8f38a8bc283e0b488de49b04a45c3f6cfeecc3ac8162c18c
-
SHA512
d6447e04a21a151d4625b8400a7253e59daa32ae0e027f9b6d478a9139510d7398af0338ed36b0aad7aa1321f239219c5349823d84e4c5d1a55c93b2a02c641f
-
SSDEEP
6144:04oZo7J39KtWaV+CRB6jIx7axHUPGUphYc3YeRN66hn7DC8ej58bD:DoZA9Kd8jYPGUphYc3YeRN647k5e
Malware Config
Extracted
umbral
https://discord.com/api/webhooks/1317835046182191155/IYPOJOoPa1SVviqW32fdefzF2Su_s9o0Kp-pbbK-0IRYee-MqprzJm_hde_WyDP9mvoi
Signatures
-
Detect Umbral payload 1 IoCs
resource yara_rule sample family_umbral -
Umbral family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NINJA HEX CRAKED.exe
Files
-
NINJA HEX CRAKED.exe.exe windows:4 windows x86 arch:x86
Password: 1
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 251KB - Virtual size: 251KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ