General

  • Target

    Новая сжатая ZIP-папка.zip

  • Size

    91KB

  • Sample

    250325-yle7nsvpv9

  • MD5

    a332eaa6925dd3d6336893b798e6f277

  • SHA1

    237ce21563041095dab535c061d01abc04d91e4d

  • SHA256

    3400ddef0bbb984b0236598a7e0416fc744bc3897ec4d2a6744f74799aa2f1d4

  • SHA512

    a0efac6d3fe3aa8e241db98b4cad2502cd5da58b836573ccb88512997293bb99d51852d88f46c524ecf1d17cc32ec58c0dd168330f38fe2c1294dc8334c2340b

  • SSDEEP

    1536:HwfRoGjduFLbJirO9TN0U+By6znkBrbXPbrlyruJmHOwEntS8u2uz64QsL/G6Ox1:Huj05b0O9RErMPlyaaUtX4vL/I/t

Score
10/10

Malware Config

Extracted

Family

umbral

C2

https://discord.com/api/webhooks/1354174093003329598/RcMwCs1pKWptqNfuG-bnbpQYHfvzrhYHkp-JQyQL19RLBiyUZN0PzH5agHDx098fepIw

Targets

    • Target

      Umbral.exe

    • Size

      229KB

    • MD5

      b4510acd06789ca5c9c98bfac48cd54c

    • SHA1

      1907b55c643c7a3ab7f0589793c63f36065f8345

    • SHA256

      24259eb3fb38c08bc329c1bab6a449a3f547734981c1b4c7884ac874ad66cc48

    • SHA512

      8f49cdb658dc907d3464fe5619bb30972a5bc02b0abeda74e05beeaf69f2f2991e139cd93ca71e7b465ec4f6691583ff19dd7aee68db79cebafd26094a86f2f1

    • SSDEEP

      6144:lloZM+rIkd8g+EtXHkv/iD438t9Cg/7I9R0STTK8Eb8e1mvi:noZtL+EP838t9Cg/7I9R0STTKht

    Score
    10/10

    • Detect Umbral payload

    • Umbral

      Umbral stealer is an open-source modular stealer written in C#.

    • Umbral family

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks