umbral | 2599b76e8efb52c183e141c5bbd92da2aefd767295b8579a40442415c8b7061a | Triage

Submit
Reports

Overview

overview

Static

static

1

chrome pas...xt.lnk

windows10-2004-x64

Sharing

General

Target

chrome passwords.txt.lnk
Size

2KB
Sample

250323-sc1jcsykt3
MD5

47668567f79882bddc96a52bc6c1fc89
SHA1

7d0e69cff74fb5bd0e58d494c3f5eab815703f4d
SHA256

2599b76e8efb52c183e141c5bbd92da2aefd767295b8579a40442415c8b7061a
SHA512

71e57e3c278611e7f27d1fc4338297f04946f6e2dced678fdd05541f33524ee3d6c635a24e27f03e20064f8a9496f212b02193a241e3627b0b286d8d71c9cf5f

Score

10^/10

umbral execution spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

chrome passwords.txt.lnk

Resource

win10v2004-20250314-en

umbral execution spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  chrome passwords.txt.lnk
- Size
  
  2KB
- MD5
  
  47668567f79882bddc96a52bc6c1fc89
- SHA1
  
  7d0e69cff74fb5bd0e58d494c3f5eab815703f4d
- SHA256
  
  2599b76e8efb52c183e141c5bbd92da2aefd767295b8579a40442415c8b7061a
- SHA512
  
  71e57e3c278611e7f27d1fc4338297f04946f6e2dced678fdd05541f33524ee3d6c635a24e27f03e20064f8a9496f212b02193a241e3627b0b286d8d71c9cf5f
Score

10^/10

umbral execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Powershell Invoke Web Request.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbralexecutionspywarestealer

© 2018-2025

Terms | Privacy