umbral

Sharing

Copy URL

Twitter E-mail

General

Target

Infe1ctedStealer-V1.rar
Size

4.2MB
Sample

241221-hmfxlavqdt
MD5

aac070727bd287b6862c5872916d9d0d
SHA1

04d601b780bba24c4a2e1a011cfcd1c3dc04cd97
SHA256

1b2fb2ee078cbe3782e0cf1b4ff7eb3188e45005ac3ebbd127a4b8678f7bd640
SHA512

06cceeea5bbda3d1dd0966ff5c032db47621274cc8463ba5ce4b32fcf1112257b772ea87e9dc29c2da6d86b334a236b1c68de0399c49e19bd2d44f7a0699fd52
SSDEEP

98304:5kMTnPcZPmn9aFOeBAhbZCWY9kApDzrUl3qtJaIoTZa1t2m5T6Z3:5ktmnynBAdW9nEdqzaS1tHT6J

Score

10^/10

Malware Config

Targets

- Target
  
  InfectedStealer.exe
- Size
  
  4.3MB
- MD5
  
  3af4ffcfa2426836921b002f88c01b26
- SHA1
  
  9597bd7e519ef238c72416bd4d4945dc6fa1e05b
- SHA256
  
  d468d59ea330e48277fa1dd62eccb8d05b324eacb78b8bd1e54df0c9fb83d8f9
- SHA512
  
  6ebccd91ef6af4ff8b896a45a3c16aa28a8e8fb737a598e856441b6c9e59f8c6aa4af05d3abea279566b8a1196d1f05cac25661b78f3c50cde981790c8bf0a29
- SSDEEP
  
  98304:PkjozJ9/im8XVBKl6tmJVPS47x/EaR5zNNHtFWIT4bNJFY3OqttIFe:XzJpjS346tmJ1xsG53tFWjBHYdIw
Score

7^/10

agilenet discovery
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  Level 1 Deadcode.txt
- Size
  
  121B
- MD5
  
  57201f3cdbe21ce6b0ecb811d3ee9f9d
- SHA1
  
  cc3cf5712fab79cdc232688f2855c9e549c6f76c
- SHA256
  
  6a60870efcae8f17b274348e9aad327df096cc892f7ad9f07ca126b6a1e5764c
- SHA512
  
  0400197945370a6eeaee0d2fb5dd43ce6426269c662a9e2946c9e7d8caae4e5f1823bc456f817bacf731ace927f94c982345b8435c50f3769c910ff44764f10c
Score

1^/10
behavioral3 behavioral4
- Target
  
  SimpleObfuscator.dll
- Size
  
  11KB
- MD5
  
  6fe74ae76c94aeb98a2c62a233385332
- SHA1
  
  a6ed3f0998a0b53912443903f5473488b923b804
- SHA256
  
  b741af506696245d3b5169d4070f7af7dcbe2c02244919d39dcdccf83ca7a083
- SHA512
  
  b5054445e43a95493563fdc1854eefa51ce9469712ff9a4a57cc73b99192d90ee463b17ebf5c682212fa8387a282b91684f80a6eae7347ca31a49b8d682dda87
- SSDEEP
  
  192:KAFY2D5nu7zXp4aFwfWcKE6ogaZZuvgKgV4WO6VHjabVY8mA:K4Y2DdW54iUWcKENganuYKw9O65GbVYu
Score

1^/10
behavioral5 behavioral6
- Target
  
  Stub/Stub.exe
- Size
  
  219KB
- MD5
  
  3e12195a81c4a1fce97e3993a895dbd7
- SHA1
  
  9a4e7568b3f6ab2c68869882b7a9c49d52b2a61e
- SHA256
  
  a44af3b0054917bf21fde1ea841aec196e786e4d3e34f817f16aa28994e1debb
- SHA512
  
  ea9257315bd35e1c8d6738b9e21dde24369f4c6ff7a4feeb1b8586939678125bd93ee0cea10f2360b3d4594e0d617657362694f8ff5d578580d94d87c3073ef6
- SSDEEP
  
  3072:SF0UWgzqk8SEhcEzSCKwdxGlgxS2I8e3/N/IVsFiOXmHw:2IgzqkjEzSCqKo8e3/JUs0
Score

10^/10

umbral discovery stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Obfuscated with Agile.Net obfuscator

Legitimate hosting services abused for malware hosting/C2

Detect Umbral payload

Umbral family

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8