umbral | 9aef7a2f101a0ee9126a42195cd4d646aa8af678efea884617c67f1d4ba38ac0 | Triage

Submit
Reports

Overview

overview

Static

static

DeltaCrack.exe

windows10-2004-x64

Sharing

General

Target

DeltaCrack.exe
Size

259KB
Sample

250412-mk1w7sszav
MD5

31ad590c8b916b8fd2940c88cb4ec5e1
SHA1

b4fefbb7baf5e5f62fa7cddd7ac1cf2e02e57aca
SHA256

9aef7a2f101a0ee9126a42195cd4d646aa8af678efea884617c67f1d4ba38ac0
SHA512

ec23dc58cf781962cfc07c373a4c4b02bd3a620f1557c8c2901dc26917876f30aba73b765c4ced6bf24f8714a21221804928d7b85d5dbb22652baf1072a19ffc
SSDEEP

6144:RlloZMHrIkd8g+EtXHkv/iD4cOICli8e1mhOj+iW:poZIL+EP8b6BjzW

Score

10^/10

umbral discovery execution spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

DeltaCrack.exe

Resource

win10v2004-20250410-en

umbral discovery execution spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  DeltaCrack.exe
- Size
  
  259KB
- MD5
  
  31ad590c8b916b8fd2940c88cb4ec5e1
- SHA1
  
  b4fefbb7baf5e5f62fa7cddd7ac1cf2e02e57aca
- SHA256
  
  9aef7a2f101a0ee9126a42195cd4d646aa8af678efea884617c67f1d4ba38ac0
- SHA512
  
  ec23dc58cf781962cfc07c373a4c4b02bd3a620f1557c8c2901dc26917876f30aba73b765c4ced6bf24f8714a21221804928d7b85d5dbb22652baf1072a19ffc
- SSDEEP
  
  6144:RlloZMHrIkd8g+EtXHkv/iD4cOICli8e1mhOj+iW:poZIL+EP8b6BjzW
Score

10^/10

umbral discovery execution spyware stealer
- Detect Umbral payload
- Umbral
  Umbral stealer is an opensource moduler stealer written in C#.
  stealer umbral
- Umbral family
  umbral
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

umbraldiscoveryexecutionspywarestealer

© 2018-2025

Terms | Privacy