umbral | Infe1ctedStealer-V1[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

Infe1ctedStealer-V1.rar
Size

4.2MB
MD5

aac070727bd287b6862c5872916d9d0d
SHA1

04d601b780bba24c4a2e1a011cfcd1c3dc04cd97
SHA256

1b2fb2ee078cbe3782e0cf1b4ff7eb3188e45005ac3ebbd127a4b8678f7bd640
SHA512

06cceeea5bbda3d1dd0966ff5c032db47621274cc8463ba5ce4b32fcf1112257b772ea87e9dc29c2da6d86b334a236b1c68de0399c49e19bd2d44f7a0699fd52
SSDEEP

98304:5kMTnPcZPmn9aFOeBAhbZCWY9kApDzrUl3qtJaIoTZa1t2m5T6Z3:5ktmnynBAdW9nEdqzaS1tHT6J

Score

10^/10

umbral

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
static1/unpack001/Stub/Stub.exe	family_umbral

Umbral family
umbral

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/InfectedStealer.exe
unpack001/SimpleObfuscator.dll
unpack001/Stub/Stub.exe

Files

Infe1ctedStealer-V1.rar
.rar

Password: 1
InfectedStealer.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.2MB - Virtual size: 4.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Level 1 Deadcode.txt
SimpleObfuscator.dll
.dll windows:4 windows x86 arch:x86

Password: 1

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\My\Sources\Visual Studio .Net\CSharp\StaticLibrary\SimpleObfuscator\Library\SimpleObfuscator\obj\Release\SimpleObfuscator.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Stub/Stub.exe
.exe windows:4 windows x86 arch:x86

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\My\Sources\Visual Studio .Net\CSharp\Grabber\Public\Umbral-Oraginal-Src\Stub\obj\Release\Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 1

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4.2MB - Virtual size: 4.2MB

.rsrc Size: 137KB - Virtual size: 137KB

.reloc Size: 512B - Virtual size: 12B

Password: 1

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 512B - Virtual size: 12B

Password: 1

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 217KB - Virtual size: 216KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 4.2MB - Virtual size: 4.2MB

.rsrc
Size: 137KB - Virtual size: 137KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 217KB - Virtual size: 216KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B