umbral | f6cf0bc000965baa8fd8c103be34aa1ca9514c3e97f0a48b4558d2ab8b346e9c | Triage

Submit
Reports

Overview

overview

Static

static

3

Output.exe

windows10-ltsc 2021-x64

Output.exe

windows11-21h2-x64

Sharing

General

Target

Output.exe
Size

318KB
Sample

250212-tgmczayma1
MD5

76250a84f46395d5e50ba0178b714099
SHA1

fde7f65d449d42bd59d38ad99430663f7c4ece51
SHA256

f6cf0bc000965baa8fd8c103be34aa1ca9514c3e97f0a48b4558d2ab8b346e9c
SHA512

6bfb0eb5482e7635e25b65ac3e45e6eaf80e051cf742c7523ee4ff7b2de283e80d4294981747ad740a79f2ed0b54e068a75c3df69c85a9da423d5d3932ec0705
SSDEEP

6144:o2EX/IoKtm284A7aWAAAs1JuNAbq1QQYNbmkWA:3EXQDtN84YaWAA3IAuJO

Score

10^/10

umbral xworm discovery rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Output.exe

Resource

win10ltsc2021-20250211-en

umbral xworm discovery rat stealer trojan

windows10-ltsc 2021-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Output.exe

Resource

win11-20250211-en

umbral xworm discovery rat stealer trojan

windows11-21h2-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1338955298215432203/bKCNv20MfC-uRLQ9U8b8R2MvcekWeTVte6JKtVnAGQhc4l2UJ1KxbIFnU9Q5hZfnLYXh

Extracted

Family

xworm

C2

147.185.221.25:64820

Attributes

Install_directory
%Temp%
install_file
SecurityHost.exe
telegram
https://api.telegram.org/bot7873282441:AAFVeYQ8VZCC3gF8qlaTYIz4N-gMEL21mHI/sendMessage?chat_id=7952080340

Targets

- Target
  
  Output.exe
- Size
  
  318KB
- MD5
  
  76250a84f46395d5e50ba0178b714099
- SHA1
  
  fde7f65d449d42bd59d38ad99430663f7c4ece51
- SHA256
  
  f6cf0bc000965baa8fd8c103be34aa1ca9514c3e97f0a48b4558d2ab8b346e9c
- SHA512
  
  6bfb0eb5482e7635e25b65ac3e45e6eaf80e051cf742c7523ee4ff7b2de283e80d4294981747ad740a79f2ed0b54e068a75c3df69c85a9da423d5d3932ec0705
- SSDEEP
  
  6144:o2EX/IoKtm284A7aWAAAs1JuNAbq1QQYNbmkWA:3EXQDtN84YaWAA3IAuJO
Score

10^/10

umbral xworm discovery rat stealer trojan
- Detect Umbral payload
- Detect Xworm Payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralxwormdiscoveryratstealertrojan

behavioral2

umbralxwormdiscoveryratstealertrojan

© 2018-2025

Terms | Privacy