umbral | f93a795061feb67c11e5d84b79fc80893a53193efda4927134b4558f0ee9abc0 | Triage

Sharing

General

Target

FortniteGeneratorKont.zip
Size

588KB
Sample

250218-swzfeasnby
MD5

f70fee3031655533639e8ae5ab664d72
SHA1

5fb81aee04ce811ad25896260839ae96fb05a804
SHA256

f93a795061feb67c11e5d84b79fc80893a53193efda4927134b4558f0ee9abc0
SHA512

d167a6748918204f7f06f989798fdb01ad5fe0efddbe6f966160efe55bb91cad66702c4169456d228b5ce6eac178c985c7f8416664565fe1d0764bd3d99ab329
SSDEEP

12288:l86ncFqnyEiLHBuf6DVw+kqpa+94IuYV+4uF/QOb:l8gcF+L8HBuiJw+KutuYV+7FIOb

Score

10^/10

umbral execution stealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1341424328972963933/ievnWqclSzHUHRx3Xf0K077BXgxxns9hWnIDDpQ8rmxmHK8IjHx960b3TQY6x_RzZjzL

Targets

- Target
  
  GeneratorkontFortnite/FortniteGeneratorKontFree.exe
- Size
  
  229KB
- MD5
  
  e832bd1f241d7756833ae95396a59a7f
- SHA1
  
  e7d019edd30c7734dab54581370b6d2eda9fff2f
- SHA256
  
  3b6c7693f2f8ee8e86b6f6e983e0c0973fe70ebbcff638361710e335256f350f
- SHA512
  
  1e0d2969528956c95e008acddaccbe729c6fa4042d6d4ed778bfe3629030ba6f77a18f547217e1c878e2f6ccb95ba3260b2be8cd9fc662ae193fd9046ffa92af
- SSDEEP
  
  6144:VloZM+rIkd8g+EtXHkv/iD4J1A9hv0IHq2PxM4dE1b8e1mvzi:3oZtL+EP8J1A9hv0IHq2PxM4dkd
Score

10^/10

umbral stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  GeneratorkontFortnite/config/scripts/config.js
- Size
  
  981B
- MD5
  
  13cd51da19aabc0c7caa309b3b83eb20
- SHA1
  
  4a6291442fb8e5510a6d663fbbfdc2b7e665fe8f
- SHA256
  
  157332c4e2dbe4219a4387b6e2f83b333fbb23c2a3d5c08ce0041c1ca46d3e8f
- SHA512
  
  a4965af8f0f8c527b5d8aa2a75cad60b6e6f469ff36511368dbe4bed3da02379722ca94f399375529b1edcec69fd7e745a19bf0847390006c70a77c9240b9fdb
Score

3^/10

execution
behavioral3 behavioral4
- Target
  
  GeneratorkontFortnite/config/scripts/library/Minecraft.js
- Size
  
  6KB
- MD5
  
  59a16aa059d831dca2a30e8bccfa0ca2
- SHA1
  
  1fe6164efa567eda613127b8124d1caec2314c7c
- SHA256
  
  e23f740675f8e7f0478a9ac0caa338d51b036f7657dd86a1c1f0804f25e544a8
- SHA512
  
  2e30831aaa0db192b34a48e2d7e44f98dcc37c4c788adbe0349636fe3149fdb6cf367c30afd4d0e3a0d0555b292b0539e1261bd2e32d56113020ae74c112cade
- SSDEEP
  
  96:xmyd/pKXx7jnkiQPZ1pvwkTc1R0GUmJwR/DFexMdMADxzuR4UNZ/28AQ2:U7zNOOPmUudtzE28AN
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/blockBuilder.js
- Size
  
  2KB
- MD5
  
  1c4f79699431af60afc3cbd89d1fd865
- SHA1
  
  9ec94c48f245d5d4a1f016d4f851622b09c675eb
- SHA256
  
  cdf14adb8446e2e282b990450adcdee660d48fcfd9f5d42da987031f7ac95491
- SHA512
  
  4ba42c89199ccaa3091cce49988fde00195e03a1aab200bbf4afc52cdd563cb9e4225e59ab89d0ff64fa09d9a8942036079240eb736978bf058c6dd47da6e604
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/commandBuilder.js
- Size
  
  21KB
- MD5
  
  970a259834ac90a035e3334abb139d5b
- SHA1
  
  56ae1079a2f32f0cced6a42ff88fc1a1e568e04b
- SHA256
  
  7813fbf0bfed76d4fd2d5e9e0c17d210c6f76ae34efc90df6f0e04c6868b6a61
- SHA512
  
  0ed38ca6a21cdd09aaf86a8cce58f244c07bff7863608c9f9b0aa84eec781e34e55f0f2fa49b66ba36ad56f47b55c8be3bdb5721fb4baaa6849deb933640ffd5
- SSDEEP
  
  384:xkB4r7H0rfUmnrvX1QhQ5rW/WB7+pR2to9phJKe7z9Es:xkSmUmnTFNaWF+go9x37zOs
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/databaseBuilder.js
- Size
  
  3KB
- MD5
  
  b0423d3dc1396f58c0b4b0b392fd246e
- SHA1
  
  6c134811730b9807691cd2760b0ab09ad6502f63
- SHA256
  
  02e97e9134402ee6174a6010d0cb6d13c9c2c6d9f9f8feb549b18588e54fbcff
- SHA512
  
  909e7a0adff8db1dcc4a953f0bb9783139c7ee07d034b62848a482ac3c05f878857a69e870019afa76590b42e1593d75a2110fb8827a46d4fc39c37ab08fff86
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/eventEmitter.js
- Size
  
  4KB
- MD5
  
  4a3c79b280d46c9d23d8396a9d303c30
- SHA1
  
  62e20844b99365c2420aebfc3de883e75cd1bab9
- SHA256
  
  3d683a0d969974866d9f2b4d8b4ede940ef234533bfd01743f46740fd732fc69
- SHA512
  
  6b58f9733d6be879a93bdeccdd9396ea3ab1997a4fdf93d7915aaab59f970572e5689e974b520771c70fc0188e3a0c33b9e6ecd1eedff7b787f391b9aee9ced9
- SSDEEP
  
  48:MkRQAs/kXvgSkFjNIDgRxpUKt0hno1WbAKHqmIQ0C:fQAXfkjNIDoUKtI9bAKHqZQJ
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/playerBuilder.js
- Size
  
  3KB
- MD5
  
  dbecf601e4c051f51b6e2ae1de7a7312
- SHA1
  
  81d151aa24c008aca2e28b3df3b844adda741281
- SHA256
  
  5f6c4bb3afc0e866e5de9aed115e481f156af940794fef2fb1a5f722c46e53b3
- SHA512
  
  7ec28be201e30e5b5868d80811f129d5cbdf2cac7702d8bbb770027a690c2f6f18917fd66ca09ba092759dccb57cf7d86341dc4800b2d22877558173ddf9d824
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/serverBuilder.js
- Size
  
  2KB
- MD5
  
  07bc5cf7ace02cc87763c359d5bcfc69
- SHA1
  
  5b967a4178959672ba89aa9ecf06493396ee059f
- SHA256
  
  f56e13ab4cbd0fec610df6b8f251b883fa952e5d033745043b89a3e8259732d0
- SHA512
  
  3c05c90b17b0a7cf0255d6da221449b161d3cb79c7df66d8500be51912a18e03cdeebb35f6b61647c3035f689b27fc2bbf0736ccd71ab9955695cfe515d4297b
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/structureBuilder.js
- Size
  
  11KB
- MD5
  
  9514f7178e1728477c624d8cfe566ece
- SHA1
  
  5622f3f2c8180399c10daea648800fe6f950ebf7
- SHA256
  
  495fe2b059767563a89aa00a3553319d32b5378cb8d9ea1d3d77fdd7fdb5d91d
- SHA512
  
  5bfbb8c3d3082b96f84969e00011b82542181f2b9b33afaedc217da871bf8fbae809c0130cea5130d14439fa189a41b282719b3246db54fcaa61538b89f219dc
- SSDEEP
  
  192:KjR7a52QTz2HpQDn4X+hmpmNiQm7Q1m1gZhmpmiUCQm7Q1m1etu20Xx:8gyHo4XempmYQm+mavmpmWQm+mogh
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  GeneratorkontFortnite/config/scripts/library/classes/uiFormBuilder.js
- Size
  
  9KB
- MD5
  
  dca6d36dcf9c68b1152923adcd416ef4
- SHA1
  
  4ced1d4bee81f4ff1358de2838c6d36fc9d8ab23
- SHA256
  
  fc771839c1c74ec039988896c6475b363239deb5e6122f412c702718f9554b88
- SHA512
  
  ab173312660f7731d28d081df4bd3fc62dd4fc1ad209da57fc5a065b9d1f4df3bae97f8237d74ed6e2b65fe1f09ca3c2717e2210f60ef17e5ef999f36c734d15
- SSDEEP
  
  192:AbN3QdCoORoTO/BICN2a2hWqrCU3g/z7pWVQhcFjWwDcgS1Aa:RdCooRpIb3CaVBFCwQg+
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  GeneratorkontFortnite/config/scripts/library/configurations.js
- Size
  
  208B
- MD5
  
  56d95d8f368b0a070d407b9e71b85920
- SHA1
  
  996ad4c2d4a603b270fe35f6574b727d99fd68e6
- SHA256
  
  863e9d3506adfcd2fd98dce680e37717bc669044112d8f3d3fbe72e12d512360
- SHA512
  
  0c254e1b700d6b5cf3cf34e39827d247fc7ca4918a12e812cd2b33cb48126c36ebcee020088ba54ffdf0bb8600d0c9980c9562df3d72d878c4873ea663bf0115
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  GeneratorkontFortnite/config/scripts/library/utils/bounds.js
- Size
  
  4KB
- MD5
  
  18a5705b19360cc70c7b22fc29a72588
- SHA1
  
  ef40bab11cae7a451927f18e1da528228f12bf91
- SHA256
  
  66b7c38e2cccbf4e9d08c2934775b6a19fb1edc809f5a9a5e5a754595a4a8afd
- SHA512
  
  8dde953d207f1f106e34c2f89b2d0f227fb6284f1f25bc34f536437902e9c8947d4e054a3cdade0ea4c0d8acb7d145c89bc48066bb75bec3e3e991fabf5e567d
- SSDEEP
  
  96:TPCGai2sLFEAMpqPBrLNbnyuRFGpkepkt8DEPPe7uv4n/8:b/aiVCrpqVxbnyurGpDpwPPeym/8
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  GeneratorkontFortnite/config/scripts/library/utils/contentlog.js
- Size
  
  834B
- MD5
  
  9348f7cc4eb61c92c0eb16b281348606
- SHA1
  
  247d3304b5d6c887af6d411561c38df7252b3cc1
- SHA256
  
  13aed2cf70500f626777b261e9e099328e8393d38c00b93de19dd3c703f3a65e
- SHA512
  
  eabe863dc94fef0855ace4abd755e1e15c3b11bae2cd76ba167d53e565560bd704c1c1c93d6ed6844c6088cb2e607676b60244abdcf175dab8fb5f548f0c7b56
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  GeneratorkontFortnite/config/scripts/library/utils/debug.js
- Size
  
  271B
- MD5
  
  493c9fbf8367e1188df8f2fafd7859ed
- SHA1
  
  f8447206242140e2cfe43e70ac6b63561f55734b
- SHA256
  
  c56e4a21381d2889ad69e4a594b02f34943b69d9b0178784840fd7d6dbe683e8
- SHA512
  
  997f0201e74c1b38afa291eca50fff5204f21daf59ba5788bb6bbf9388e888ad6c955441cc08883aa1de1beb6a652c39fd11e92c9ef7e62f99132b7b38502f4c
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  GeneratorkontFortnite/config/scripts/library/utils/index.js
- Size
  
  293B
- MD5
  
  9ab3fc8abb52660275d3487d1ee76f73
- SHA1
  
  0ca5d3d93cdf94fc5951defa4a2229bb84e85f8d
- SHA256
  
  634930570322ecfcf6c64e210ce8a16ed15b599c6a4ac6b73714120699f5f781
- SHA512
  
  977efa5a3b015369f6a0864ae9917ba29399e92daffd0decbf95f667387e88dd71a7026a9c5e03f7a64a297f00e80a672edb85725e36dbfa93fa59f0d3781c74
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32