umbral | c30599a71b6129c75b93e7b508cc307928df2677fe1b00357547481662522033 | Triage

Resubmissions

23/03/2025, 14:55

250323-san3jsyjv6 10

23/03/2025, 14:54

250323-r9t76sxr17 10

23/03/2025, 14:51

250323-r74zlaxrv8 10

Sharing

General

Target

1231321312.lnk
Size

2KB
Sample

250323-r74zlaxrv8
MD5

a83ed03220cbc79bcbcaae9a57d0b95a
SHA1

062d88505a421b491c8614ccff1d8fdd34453e18
SHA256

c30599a71b6129c75b93e7b508cc307928df2677fe1b00357547481662522033
SHA512

97f7b63aa0435cbe3fb597f3a18941d0697c053ff75ccfdfae55f2e0f70afde85e6ef82e0c90077dcbc933247b8ac568f1fd28a7b3cc1f0eb1af9640f409a349

Score

10^/10

umbral execution spyware stealer

Malware Config

Targets

- Target
  
  1231321312.lnk
- Size
  
  2KB
- MD5
  
  a83ed03220cbc79bcbcaae9a57d0b95a
- SHA1
  
  062d88505a421b491c8614ccff1d8fdd34453e18
- SHA256
  
  c30599a71b6129c75b93e7b508cc307928df2677fe1b00357547481662522033
- SHA512
  
  97f7b63aa0435cbe3fb597f3a18941d0697c053ff75ccfdfae55f2e0f70afde85e6ef82e0c90077dcbc933247b8ac568f1fd28a7b3cc1f0eb1af9640f409a349
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralexecutionspywarestealer