Overview

overview

10

Static

static

10

0eec8833aa...13.exe

windows7-x64

10

0eec8833aa...13.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0eec8833aa50f5222085d4febcf70d570fc9cdf769fde33661c3c5f274533313

  • Size

    229KB

  • Sample

    250222-yfdfwswmc1

  • MD5

    28dd22fab069769c895b3c902035b2a6

  • SHA1

    90577e0d058c8cc553f11a56f0f6202bd614e471

  • SHA256

    0eec8833aa50f5222085d4febcf70d570fc9cdf769fde33661c3c5f274533313

  • SHA512

    a15a3979f708a5363851e66b199f787991fd512b58d314b9d601cb11e0bb8bc5a140b5835971dbc12f288137adf30f7e74c500064e785981b2d20c2d2e4bc74c

  • SSDEEP

    6144:lloZM+rIkd8g+EtXHkv/iD4/LI6BPUonKWvRsY9O3b8e1moAi:noZtL+EP8/LI6BPUonKWvRsY9M5Z

Score
10/10
umbralstealer

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1340764748391645225/uULT2sea9sIpCjgKKmBDah2Uj1_awysvvvG_UhFArY5rDSSew6dNx6W97h1CwsgLRWO1

Targets

    • Target

      0eec8833aa50f5222085d4febcf70d570fc9cdf769fde33661c3c5f274533313

    • Size

      229KB

    • MD5

      28dd22fab069769c895b3c902035b2a6

    • SHA1

      90577e0d058c8cc553f11a56f0f6202bd614e471

    • SHA256

      0eec8833aa50f5222085d4febcf70d570fc9cdf769fde33661c3c5f274533313

    • SHA512

      a15a3979f708a5363851e66b199f787991fd512b58d314b9d601cb11e0bb8bc5a140b5835971dbc12f288137adf30f7e74c500064e785981b2d20c2d2e4bc74c

    • SSDEEP

      6144:lloZM+rIkd8g+EtXHkv/iD4/LI6BPUonKWvRsY9O3b8e1moAi:noZtL+EP8/LI6BPUonKWvRsY9M5Z

    Score
    10/10
    umbralstealer

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an opensource moduler stealer written in C#.

      stealerumbral

    • Umbral family

      umbral

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks