General

  • Target

    CustomFemboyExecV.8.exe

  • Size

    250KB

  • Sample

    250216-h4h4aaylhs

  • MD5

    6b98ad29e54ae9d42c0df9a93d6c8096

  • SHA1

    1ded43a88254b7c9de6c96267a3f8be54eeded85

  • SHA256

    6103369dbef89de42e49fce61b2df15524abf159ca05af0d898747f5b93cf89b

  • SHA512

    c29b74750b138e21c5e2f369433909e8c56b48096afddcaca846266ee7f4353f15ee409ad1f9a44efc72048fb14f172dd603391bd9b6cce74956e950bfda96c3

  • SSDEEP

    6144:cloZM+rIkd8g+EtXHkv/iD4oHgtxdi8e1mA8iU:6oZtL+EP8IwxmpV

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1340534049512493106/Keq8--wwvLpOjZu-_NAPHduEwTHMRzhAqScSm6qtrVdMjaJ8S7avm63KmHGe5EaoujDw

Targets

    • Target

      CustomFemboyExecV.8.exe

    • Size

      250KB

    • MD5

      6b98ad29e54ae9d42c0df9a93d6c8096

    • SHA1

      1ded43a88254b7c9de6c96267a3f8be54eeded85

    • SHA256

      6103369dbef89de42e49fce61b2df15524abf159ca05af0d898747f5b93cf89b

    • SHA512

      c29b74750b138e21c5e2f369433909e8c56b48096afddcaca846266ee7f4353f15ee409ad1f9a44efc72048fb14f172dd603391bd9b6cce74956e950bfda96c3

    • SSDEEP

      6144:cloZM+rIkd8g+EtXHkv/iD4oHgtxdi8e1mA8iU:6oZtL+EP8IwxmpV

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Downloads MZ/PE file

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks