umbral | ccbcc6269218d292a06db3d9896dc621598a76794881ffbeb6f093d8b54e1c43 | Triage

Submit
Reports

Overview

overview

Static

static

JJSploit.exe

windows11-21h2-x64

Sharing

General

Target

JJSploit.exe
Size

6.6MB
Sample

250223-cs71datrfy
MD5

f29fd0bb7218e3cf63ab6040be0a1698
SHA1

c078e4888d6e1cf6c75a4141d51a1d375c2f71c8
SHA256

ccbcc6269218d292a06db3d9896dc621598a76794881ffbeb6f093d8b54e1c43
SHA512

b68185e83baca3f8779e085fed57a0324fee7528139c4afa245900f206707b645f631cb08d8a2cc3ea6b75a65d0e5ac76c250897e28df2c6e7c4724f7790f40d
SSDEEP

196608:1dNnRdvjsTOvHK19gO8xbecifaCI1L5N1JTLX46:z1RSavI9sbf8vKf5

Score

10^/10

umbral xworm discovery rat stealer trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JJSploit.exe

Resource

win11-20250217-en

umbral xworm discovery rat stealer trojan

windows11-21h2-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

xworm

C2

study-conclusions.gl.at.ply.gg:20142

Attributes

Install_directory
%Temp%
install_file
System32.exe

Targets

- Target
  
  JJSploit.exe
- Size
  
  6.6MB
- MD5
  
  f29fd0bb7218e3cf63ab6040be0a1698
- SHA1
  
  c078e4888d6e1cf6c75a4141d51a1d375c2f71c8
- SHA256
  
  ccbcc6269218d292a06db3d9896dc621598a76794881ffbeb6f093d8b54e1c43
- SHA512
  
  b68185e83baca3f8779e085fed57a0324fee7528139c4afa245900f206707b645f631cb08d8a2cc3ea6b75a65d0e5ac76c250897e28df2c6e7c4724f7790f40d
- SSDEEP
  
  196608:1dNnRdvjsTOvHK19gO8xbecifaCI1L5N1JTLX46:z1RSavI9sbf8vKf5
Score

10^/10

umbral xworm discovery rat stealer trojan
- Detect Umbral payload
- Detect Xworm Payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Xworm family
  xworm
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

umbralxwormdiscoveryratstealertrojan

© 2018-2025

Terms | Privacy