umbral | 2e1ddba1f76d93d7354190865523d53ff0b1f14876da06cc61f1bde9b6b686a4 | Triage

Sharing

General

Target

Loader.exe
Size

230KB
Sample

250101-24zwkszldx
MD5

01ef484bd08794522afb7af0f4a39159
SHA1

7e9edc911734c592881899a5271bfa83e112ab12
SHA256

2e1ddba1f76d93d7354190865523d53ff0b1f14876da06cc61f1bde9b6b686a4
SHA512

e6ab72865d8a7dd29e1d04029a9be5f46a199614a8b67cdae27e2e31cb2a96827b8b39a73c103d2bc67713909b0d32e6b9f02d6dd714bd889b544eff0585627b
SSDEEP

6144:jloZM+rIkd8g+EtXHkv/iD4z1MKYe5xyuXKYZd8O+gbb8e1msi:BoZtL+EP8z1MKYe5xyuXKYZd8Ci

Score

10^/10

umbral discovery execution spyware stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1324149676450123820/Ch478qL19IuuscU5ZnjMw3QZNcaeE-OInimQf1TXgW5cTcg_87xf6oUZDJV_I0Uk6sWI

Targets

- Target
  
  Loader.exe
- Size
  
  230KB
- MD5
  
  01ef484bd08794522afb7af0f4a39159
- SHA1
  
  7e9edc911734c592881899a5271bfa83e112ab12
- SHA256
  
  2e1ddba1f76d93d7354190865523d53ff0b1f14876da06cc61f1bde9b6b686a4
- SHA512
  
  e6ab72865d8a7dd29e1d04029a9be5f46a199614a8b67cdae27e2e31cb2a96827b8b39a73c103d2bc67713909b0d32e6b9f02d6dd714bd889b544eff0585627b
- SSDEEP
  
  6144:jloZM+rIkd8g+EtXHkv/iD4z1MKYe5xyuXKYZd8O+gbb8e1msi:BoZtL+EP8z1MKYe5xyuXKYZd8Ci
Score

10^/10

umbral discovery execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in Drivers directory
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbraldiscoveryexecutionspywarestealer