General

  • Target

    2720-108-0x0000000000810000-0x0000000000BB6000-memory.dmp

  • Size

    3.6MB

  • Sample

    250221-rkeq7avnx4

  • MD5

    4de9b1a267f2d657eb204fc996293cdb

  • SHA1

    70216acc66c0a6f4d79a2238137223eebcc4979f

  • SHA256

    c85d06f1b43bef037664498eb6573214a314cacb174d1e97a9482410bc62376f

  • SHA512

    b4918d5687315f04ea2e20762f47c957d15f77ae2675c2c0114e055fab4be2ef23151f8dee3e943fce550b580d29aade2d15d405b3796014a6f1d1721b25caff

  • SSDEEP

    49152:ePWbhwss+52eagTpIR5QFP0rdKWW9DE5Tl+qKlLdSh:eP2hsv94I08MWW9DShKlLUh

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1339207974182191194/Cbspp1D1YgKvkqPsxxLAOiahYoeW0ceIteSYlYtjG202TSZnR-Kj6vR7I8pJsgFtUunb

Targets

    • Target

      2720-108-0x0000000000810000-0x0000000000BB6000-memory.dmp

    • Size

      3.6MB

    • MD5

      4de9b1a267f2d657eb204fc996293cdb

    • SHA1

      70216acc66c0a6f4d79a2238137223eebcc4979f

    • SHA256

      c85d06f1b43bef037664498eb6573214a314cacb174d1e97a9482410bc62376f

    • SHA512

      b4918d5687315f04ea2e20762f47c957d15f77ae2675c2c0114e055fab4be2ef23151f8dee3e943fce550b580d29aade2d15d405b3796014a6f1d1721b25caff

    • SSDEEP

      49152:ePWbhwss+52eagTpIR5QFP0rdKWW9DE5Tl+qKlLdSh:eP2hsv94I08MWW9DShKlLUh

    Score
    10/10
    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks